Klaus Ethgen klaus+usenet@ethgen.de writes:
> Hello,
>
> I have to admit that I do not know what exactly the entry attribute (and partly the children attribute too) is for. I know that it is needed to give access to any other attribute, but that is not enough for me, as I want to _know_ what it is for.
>
> Unfortunately I did not find a clearer description of this attribute than "scope limited to this entry", which is somewhat meaningless to me.
>
> So my question is: what are the rights that are needed for which entry attribute (in tree) to allow read, write, search or other access to other attributes?
>
> Please excuse that I crossposted this question to three groups, as there is no user group and g.n.o.general is very empty, so it was not clear whether it is read at all.

entry and children are so-called pseudo-attributes. They are mainly used to allow access to children of an entry. As an example, you have an entry ou=users,dc=example,dc=com and want to allow access to children of this entry but no read or write access to the entry itself; a rule set could be:

access to dn.onelevel=ou=users,dc=example,dc=com
    by users write
    by anonymous auth
access to dn.base=ou=users,dc=example,dc=com attrs=entry,children
    by users write
    by anonymous auth

-Dieter
openldap-technical@openldap.org
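
As an added illustration (not part of either message in this thread), the constructed slapd.conf fragment below gives entry and children separate rules for the same ou=users container, with comments taken from the operation requirements in slapd.access(5). The cn=helpdesk DN is hypothetical, and the "by anonymous auth" clause on entry is simply carried over from the rule set above.

```conf
# Constructed example for ou=users,dc=example,dc=com (tree from the thread).
# cn=helpdesk,dc=example,dc=com is a hypothetical administrative identity.
# The first "access to" clause matching the target (entry + attribute) is
# used; within it, the first matching "by" clause decides.

# Container, pseudo-attribute "children":
# write here is what permits adding, deleting or renaming entries
# directly below ou=users.
access to dn.base="ou=users,dc=example,dc=com" attrs=children
    by dn.exact="cn=helpdesk,dc=example,dc=com" write
    by * none

# Container, pseudo-attribute "entry":
# search lets authenticated users use ou=users as a search base
# (checked in OpenLDAP 2.4 and later); without read the container
# itself is not returned; write would permit deleting or renaming it.
access to dn.base="ou=users,dc=example,dc=com" attrs=entry
    by users search
    by * none

# Real attributes of the container (ou, description, ...): no access.
access to dn.base="ou=users,dc=example,dc=com"
    by * none

# Credentials of the user entries one level below the container.
access to dn.onelevel="ou=users,dc=example,dc=com" attrs=userPassword
    by self write
    by anonymous auth
    by * none

# User entries, pseudo-attribute "entry":
# write is needed on the entry being added, deleted or renamed (in
# addition to write on "children" of its parent); read is needed for
# the entry to be returned by a search.
access to dn.onelevel="ou=users,dc=example,dc=com" attrs=entry
    by dn.exact="cn=helpdesk,dc=example,dc=com" write
    by users read
    by anonymous auth
    by * none

# All remaining attributes of the user entries.
access to dn.onelevel="ou=users,dc=example,dc=com"
    by dn.exact="cn=helpdesk,dc=example,dc=com" write
    by users read
    by * none
```

With this fragment an authenticated user can search below ou=users and read the user entries, while only the helpdesk identity can create or remove them; targets not matched by any clause fall through to slapd's implicit final deny.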