Hello,
Thanks for the correction, I understand better now.
And then another question: there is no <access> keyword in the acl.
Does it mean that the default value is read? The man page is not clear about it (or I
have not read it correctly).
f.g.
On 4 March 2021 at 17:52, Quanah Gibson-Mount <quanah(a)symas.com>
wrote:
--On Thursday, March 4, 2021 5:44 PM +0100 Frédéric Goudal
<frederic.goudal(a)bordeaux-inp.fr> wrote:
> Hello,
>
> I have a production ldap with some acl set. For historical reasons the
> synchronization is done with the root dn, which is bad. I want to add a
> user to perform synchronization; it must have the right to read
> everything.
>
> Would the acl:
> access to * by dn.exact=<somedn> break
> added in first position be enough to read everything (even attributes that
> have been limited on some other acl) AND not break the current
> configuration?
Generally what you would want is:

access to * by dn.exact=<somedn>
            by * break

So that only this ACL applies to somedn, and ACL processing for everything else continues
as it did before.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
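
The two ACL forms discussed in this thread, side by side, as an added example that is not part of the original messages. The sync DN, the sample existing rules and the explicit "read" level are assumptions made for illustration; the thread itself leaves the access level unstated.

```conf
# slapd.conf ACL fragment (constructed for illustration).
# cn=sync,dc=example,dc=com stands in for <somedn>.

# Form from the question, shown commented out.
# Every access clause ends with an implicit "by * none stop", so any
# identity other than the sync DN stops here with no access and the
# existing rules below are never evaluated for it. The sync DN itself
# hits "break" and continues into those rules, so it is still subject
# to their restrictions.
#access to *
#    by dn.exact="cn=sync,dc=example,dc=com" break

# Form from the reply, placed first.
# The sync DN matches the first "by" clause and stops there (stop is the
# default control), so later, more restrictive rules never apply to it.
# Everyone else matches "by * break" and falls through to the existing
# rules unchanged.
# Assumption: the access level is written out as "read" here.
access to *
    by dn.exact="cn=sync,dc=example,dc=com" read
    by * break

# Existing rules, left exactly as they were (constructed samples).
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

access to *
    by * read
```

slapacl(8) can be used to check the resulting access for a given bind DN and entry before the change is loaded on the production server.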