Hello,
Thanks for the correction, I understand better now.
And then another question: there is no <access> keyword in the acl.
Does it mean that the default value is read? The man page is not clear about it (or I have not read it correctly).
f.g.
On 4 March 2021 at 17:52, Quanah Gibson-Mount quanah@symas.com wrote:
--On Thursday, March 4, 2021 5:44 PM +0100 Frédéric Goudal frederic.goudal@bordeaux-inp.fr wrote:
Hello,
I have a production ldap with some acl set. For historical reasons the synchronization is done with the root dn, which is bad. I want to add a user to perform synchronization; it must have the right to read everything.
Would the acl: access to * by dn.exact=<somedn> break added in first position be enough to read everything (even attributes that have been limited on some other acl) AND not break the current configuration?
Generally what you would want is:
access to * by dn.exact=<somedn> by * break
So that only this ACL applies to somedn, and ACL processing for everything else continues as it did before.
--Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com