Thanks !! Have a nice day !!
On Thu, Oct 25, 2018 at 5:02 PM Quanah Gibson-Mount quanah@symas.com wrote:
--On Thursday, October 25, 2018 10:25 AM +0200 Lirien Maxime maxime.lirien@gmail.com wrote:
OK thanks Quanah ! I removed the "*" on ACL except for the last rule. I don't understand : it is rejected by the last rule. Why does it not match rule #3 ? Normally it may stop at the first match ?
Oct 25 08:31:08 apsim-qualif slapd[27308]: => acl_mask: access to entry "dc=fr", attr "objectClass" requested
Hi Lirien,
It's clearly asking for access to the objectClass attribute in "dc=fr", which is not a part of your ACL#3, so it's correctly denied:
# 3) ********* CONTEXTCSN ********* access to dn.base="dc=fr" attrs=entry,children,contextcsn by dn.exact="cn=Synchro,ou=Comptes Admin,dc=fr" read by dn.exact="cn=supervision,ou=Comptes Clients,dc=fr" read by * none
You need to modify the access to line to include objectClass.
--Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com