Yes, it works!
Thanks a lot,
Dorit.

On 5/8/2012 3:25 PM, Nick Milas wrote:
On 8/5/2012 12:32 μμ, Dorit wrote:

I have now tried adding another acl in the middle as follows:

access to dn.subtree="ou=abc,dc=aa,dc=bb,dc=cc" attrs="entry"
by dn="uid=Admin,ou=Operators,dc=aa,dc=bb,dc=cc" search


Try using:

access to dn.subtree="ou=abc,dc=aa,dc=bb,dc=cc" attrs="entry"
  by dn="uid=Admin,ou=Operators,dc=aa,dc=bb,dc=cc" read
  by * break

and then:

access to dn.subtree="ou=abc,dc=aa,dc=bb,dc=cc" filter="(host=csa)"
by dn="uid=Admin,ou=Operators,dc=aa,dc=bb,dc=cc" read

As far as I understand, the
attrs="entry"
is implicit.

No, it's not.

Nick