Thanks for the correction I understand better now.
And than another question : there is no <access> keyword in the acl.
Does it mean that the default value is read ? The man page is not clear about it (or I
have not read it correctly).
Le 4 mars 2021 à 17:52, Quanah Gibson-Mount <quanah(a)symas.com>
a écrit :
--On Thursday, March 4, 2021 5:44 PM +0100 Frédéric Goudal
> I have a production ldap with some acl set. For historical reason the
> synchronizationn is done with the root dn which is bad. I want to add a
> user to perform synchronization it must have the right to read
> is the acl :
> access to * by dn.exact=<somedn> break
> added in first position be enough to read everything (even attributs that
> have been limited on some other acl) AND not break the current
> configuration ?
Generally what you would want is:
access to * by dn.exact=<somedn>
by * break
So that only this ACL applies to somedn, and ACL processing for everything else continues
as it did before.
Packaged, certified, and supported LDAP solutions powered by OpenLDAP: