Hello
I have a problem with ACLs. We have the following structure.
dc=a,dc=b,dc=c
 |
 |-ou=ww-a
 |
 |-ou=ww-b
 |
 |-ou=ww-c
 |
 |-ou=ww-x
 |
 |-ou=system
In each of ww-a, b, c ... x we have users and groups. In system we have system accounts (in groups and users).
When we search with an LDAP client like the Thunderbird address book, the users in system should not be visible.
I use the following rule, but it didn't work:
olcAccess: {1}to filter="(objectclass=inetOrgperson)" attrs=entry,uid,sn,cn,mail,givenName by dn="cn=ad,ou=sys_ad,ou=people,dc=a,dc=b,dc=c" read by * none
With the following rule, I found all users (incl. ad, admin and so on):
olcAccess: {1}to filter="(objectclass=*)" attrs=entry,uid,sn,cn,mail,givenName by dn="cn=ad,ou=system,dc=a,dc=b,dc=c" read by * none
I want to avoid regex when possible.
Karl Heinz
openldap-technical@openldap.org
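
An added example, not part of the original message: one way to hide ou=system without regex is to scope the rule by DN subtree rather than by filter, using the dn.subtree and dn.exact styles. The database DN olcDatabase={1}mdb,cn=config and the {0} position are assumptions; the reader DN is the one from the second rule in the message.

```ldif
# Constructed example for ldapmodify against cn=config.
# Assumption: the directory lives in olcDatabase={1}mdb,cn=config.
# Adding a value with index {0} inserts it before the existing
# olcAccess rules; slapd renumbers the rest. Rules are evaluated
# in order and the first matching "to" clause decides, so this
# rule must come before any broader rule that grants read.
#
# Effect of the by-clauses, in order:
#   cn=ad in ou=system may read the subtree,
#   anonymous sessions get auth only, so system accounts can
#     still bind but nothing is returned to a search,
#   everyone else gets no access, so the entries are hidden.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to dn.subtree="ou=system,dc=a,dc=b,dc=c"
  by dn.exact="cn=ad,ou=system,dc=a,dc=b,dc=c" read
  by anonymous auth
  by * none
```

The ww-a ... ww-x subtrees are not matched by this rule and fall through to whatever rules follow it. The slapacl tool shipped with OpenLDAP can be used to check what access a given bind DN gets to an entry under ou=system.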