Hmm, I am not too familiar with the ACLs. I have solved it now by duplicating the by lines to the other section, something like this:
{5} access to dn.subtree="ou=People,dc=example,dc=com" attrs="entry,uid,cn,sn,mail,mailHost"
    by dn="cn=outsourced_ironport,dc=example,dc=com" read
    by dn="cn=outsourced_bla,dc=example,dc=com" read
{6} access to dn.subtree="ou=People,dc=example,dc=com"
    by dn="cn=outsourced_bla,dc=example,dc=com" read
But I am not too pleased with this solution either. I had to create a new account and save the password on a client, while user account DNs are available there, and they should access these 'own' attributes.
https://www.mail-archive.com/openldap-technical@openldap.org/msg25113.html
-----Original Message-----
To: openldap-technical
Subject: Re: Now combining acl attribute access with regular access fails
You are confusing “continue” with “break”.
On Aug 31, 2020, at 9:22 AM, Marc Roos M.Roos@f1-outsourcing.eu wrote:
Now I have that either works, but not both. Reversing these rules also
does not work (with keeping the continue at 5)
{5} access to dn.subtree="ou=People,dc=example,dc=com"
    by dn="cn=outsourced_bla,dc=example,dc=com" read
    by * continue
{6} access to dn.subtree="ou=People,dc=example,dc=com" attrs="entry,uid,cn,sn,mail,mailHost"
    by dn="cn=outsourced_ironport,dc=example,dc=com" read
Any help possible?
// John Pfeifer
Division of Information Technology
University of Maryland, College Park
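
The difference between "continue" and "break" in the quoted rules {5} and {6}, as an added example that is not part of the thread and not OpenLDAP code: in slapd.access(5), "continue" moves on to the next by clause in the same access directive, while "break" moves on to the next access directive that matches the target. The model below is a simplification that assumes every entry is under ou=People, matches <who> only by exact DN or "*", and leaves out privilege arithmetic; evaluate() and thread_rules() are hypothetical names.

```python
# Added example: simplified model of slapd by-clause control flow.
# Assumes every entry is under ou=People and <who> is an exact DN or "*".
ALL = None  # directive without attrs= covers every attribute

def evaluate(rules, who, attr):
    """Return the access level `who` ends up with on `attr`."""
    granted = "none"
    for attrs, by_clauses in rules:
        if attrs is not ALL and attr not in attrs:
            continue                  # target does not match, try next directive
        for subject, level, control in by_clauses:
            if subject not in ("*", who):
                continue              # this <who> does not match
            if level is not None:
                granted = level       # no level given: privileges unchanged
            if control == "stop":
                return granted
            if control == "break":
                break                 # move on to the next access directive
            # "continue": keep checking by clauses in this same directive
        else:
            return "none"             # ran out of clauses: implicit "by * none stop"
    return "none"                     # ran out of directives: denied

BLA = "cn=outsourced_bla,dc=example,dc=com"
IRONPORT = "cn=outsourced_ironport,dc=example,dc=com"
MAIL_ATTRS = {"entry", "uid", "cn", "sn", "mail", "mailHost"}

def thread_rules(control):
    """Rules {5} and {6} from the quoted message, with `control` on 'by *'."""
    return [
        (ALL, [(BLA, "read", "stop"), ("*", None, control)]),
        (MAIL_ATTRS, [(IRONPORT, "read", "stop")]),
    ]

if __name__ == "__main__":
    for control in ("continue", "break"):
        for who in (BLA, IRONPORT):
            for attr in ("mail", "telephoneNumber"):
                print(control, who, attr, evaluate(thread_rules(control), who, attr))
```

With "by * continue" the ironport DN runs out of by clauses in {5} and is stopped there with no access; with "by * break" it reaches {6} and gets read on the listed attributes only.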