Hi,

I have an ACL problem; I am not able to figure out what I am doing wrong, or whether there is something wrong in what I understood.

So here is my scenario: I have an ou of "user" and an ou of "Administrator".
Now one user from the Administrator branch should be able to edit anything in the user branch, and the other user should only be able to read the branch "user". I also want userPassword to be visible only to the Administrator that has write permissions.

Here is my initial ACL for it:
{0}to attrs=userPassword by dn.exact="uid=domain.admin,ou=Administrator,dc=example,dc=com" write by anonymous auth
{1}to dn.subtree="ou=user,dc=example,dc=com" attrs=entry,children by dn.exact="uid=domain.admin,ou=Administrator,dc=example,dc=com" write by dn.exact="uid=domain.auth,ou=Administrator,dc=example,dc=com" read

Now, using the above ACL, neither of the users domain.auth or domain.admin is able to read/write/search in the "user" ou, unless I add the following ACL to it:
{2}to * by dn.exact="uid=domain.admin,ou=Administrator,dc=example,dc=com" write by dn.exact="uid=domain.auth,ou=Administrator,dc=example,dc=com" read

Then everything works as I want it to work.

Mail: 8zero2.in@gmail.com
Facebook: www.facebook.com/8zero2
Twitter: @8zero2_in
Blog: blog.8zero2.in
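Editor's added example (not part of the original post): the reason rule {1} on its own grants nothing useful is that `attrs=entry,children` only covers the two pseudo-attributes; every real attribute of the entries under ou=user (objectClass, cn, uid, ...) then falls through to the implicit `to * by * none`, so the search filter cannot even match. The `to *` rule in {2} makes things work, but it hands domain.admin write access to the whole directory, including ou=Administrator and its own entry. The olcAccess set below keeps the scope of the original requirement (domain.admin writes, domain.auth reads, only inside ou=user; userPassword readable by domain.admin only) and makes the final deny explicit. The DNs are the ones from the post; the database entry `olcDatabase={1}mdb,cn=config` is an assumed name and must be replaced with the real one.

```ldif
# Added example; olcDatabase={1}mdb is an assumed DN, adjust to the real database.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
# {0}: userPassword is never readable except by domain.admin; "auth" lets
# anyone bind with it without reading it.
olcAccess: {0}to attrs=userPassword
  by dn.exact="uid=domain.admin,ou=Administrator,dc=example,dc=com" write
  by anonymous auth
  by * none
# {1}: whole subtree, all attributes (no attrs= restriction), so ordinary
# attributes are covered and search filters can match.
olcAccess: {1}to dn.subtree="ou=user,dc=example,dc=com"
  by dn.exact="uid=domain.admin,ou=Administrator,dc=example,dc=com" write
  by dn.exact="uid=domain.auth,ou=Administrator,dc=example,dc=com" read
  by * none
# {2}: explicit catch-all deny; this is also slapd's implicit default, but
# stating it makes the least-privilege intent visible in the config.
olcAccess: {2}to * by * none
```

Before loading a rule set like this, check it offline with slapacl rather than by trial binds, e.g. `slapacl -D "uid=domain.auth,ou=Administrator,dc=example,dc=com" -b "uid=someone,ou=user,dc=example,dc=com" userPassword/read` should report that access is denied, while the same command with `cn/read` should be allowed. Note that with `{2}to * by * none` the two administrator accounts can no longer read anything outside ou=user, including their own entries; if that is needed, add a narrowly scoped rule for ou=Administrator rather than widening {2}.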