--On Thursday, March 4, 2021 5:44 PM +0100 Frédéric Goudal frederic.goudal@bordeaux-inp.fr wrote:
Hello,
I have a production LDAP with some ACLs set. For historical reasons the synchronization is done with the root DN, which is bad. I want to add a user to perform synchronization; it must have the right to read everything.
Would the ACL: access to * by dn.exact=<somedn> break added in first position be enough to read everything (even attributes that have been limited on some other ACL) AND not break the current configuration?
Generally what you would want is:
access to * by dn.exact=<somedn> by * break
So that only this ACL applies to somedn, and ACL processing for everything else continues as it did before.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com
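
A simplified model of slapd's ACL evaluation order, as an added example that is not part of the original messages and is not OpenLDAP code, comparing the rule from the question with the rule from the reply. The DNs, the pre-existing ACLs, and the `read` level placed on the reply's rule are assumptions made for illustration.

```python
# Simplified model of slapd ACL evaluation (added example, not OpenLDAP code).
# Modelled: clauses are tried in order; in the first clause whose target
# matches, the first matching "by" applies; "stop" ends evaluation, "break"
# moves on to the next clause; every clause ends with an implicit
# "by * none stop". Not modelled: privileges (+/-), "continue", filters, scopes.

SYNC_DN = "cn=sync,dc=example,dc=org"    # constructed stand-in for <somedn>
USER_DN = "uid=alice,dc=example,dc=org"  # constructed ordinary user

# Constructed "existing" ACLs: (target attr or "*", [(who, level, control)])
EXISTING = [
    ("userPassword", [("self", "write", "stop"), ("anonymous", "auth", "stop")]),
    ("*", [("users", "read", "stop")]),
]

def who_matches(who, bind_dn, entry_dn):
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if who == "users":
        return bind_dn is not None
    if who == "self":
        return bind_dn is not None and bind_dn == entry_dn
    return who == bind_dn  # treated as dn.exact=<dn>

def access(acls, bind_dn, entry_dn, attr):
    level = "none"
    for target, by_list in acls:
        if target not in ("*", attr):
            continue
        for who, lvl, control in by_list + [("*", "none", "stop")]:
            if who_matches(who, bind_dn, entry_dn):
                if lvl is not None:  # a bare "break" leaves the level unchanged
                    level = lvl
                if control == "stop":
                    return level
                break  # control == "break": fall through to the next clause
    return level

# Form from the question: access to * by dn.exact=<somedn> break
QUESTION = [("*", [(SYNC_DN, None, "break")])] + EXISTING
# Form from the reply, "read" assumed: by dn.exact=<somedn> read by * break
REPLY = [("*", [(SYNC_DN, "read", "stop"), ("*", None, "break")])] + EXISTING
```

In this model the question's form leaves every other identity on the implicit `by * none stop` of the first clause, while the reply's form returns the same result as the existing ACLs for everyone except the sync DN.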