Hi,
Why is cn=Manager,dc=example,dc=com not able to access cn=config with the second ACL? According to the manpage the asterisk means any, so also cn=config.
Is dn: olcDatabase={1}monitor,cn=config above the rule some kind of limitation or context?

# {0}config, config
dn: olcDatabase={0}config,cn=config
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by * none

# {1}monitor, config
dn: olcDatabase={1}monitor,cn=config
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=Manager,dc=example,dc=com" read by * none

Thank you in advance.
Stefan

On 04. June 2015 09:10, Stefan Bauer wrote:
> Why is cn=Manager,dc=example,dc=com not able to access cn=config with the second ACL? According to the manpage the asterisk means any, so also cn=config.

An operation only checks the ACLs on the database(s) which contains the relevant entry (or entries for Search), plus the frontend ACLs if no other ACLs apply.
openldap-technical@openldap.org
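
The per-database scoping described in the reply, as an added example that is not part of the original thread and is not OpenLDAP code: a simplified Python model that picks the database holding the target entry and evaluates only that database's "to *" ACL, then any frontend ACLs. The suffixes cn=config and cn=Monitor, the empty frontend ACL list, the helper names and the naive comma-based DN handling are assumptions of this sketch.

```python
# Simplified model of slapd ACL selection (illustration only, not OpenLDAP code).
ROOT = "gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
MANAGER = "cn=Manager,dc=example,dc=com"

# The two databases from the post. Each olcAccess value governs the entries
# *inside* that database (its suffix), not the cn=config entry it is stored on.
DATABASES = [
    {"name": "{0}config", "suffix": "cn=config",
     "acls": [("*", [(ROOT, "manage"), ("*", "none")])]},
    {"name": "{1}monitor", "suffix": "cn=Monitor",  # assumed monitor suffix
     "acls": [("*", [(ROOT, "read"), (MANAGER, "read"), ("*", "none")])]},
]
FRONTEND_ACLS = []  # assumption: no frontend ACLs are configured


def norm(dn):
    """Lower-case and trim a DN (naive: no escaped commas handled)."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def database_for(entry_dn):
    """Return the database whose suffix contains entry_dn (longest match)."""
    entry = norm(entry_dn)
    hits = [db for db in DATABASES
            if entry == norm(db["suffix"])
            or entry.endswith("," + norm(db["suffix"]))]
    return max(hits, key=lambda db: len(db["suffix"]), default=None)


def access(bind_dn, entry_dn):
    """Return (database name, access level) granted to bind_dn on entry_dn."""
    db = database_for(entry_dn)
    if db is None:
        return None  # entry is not held by any modelled database
    # Database ACLs first; frontend ACLs are reached only if nothing matched.
    for what, by_clauses in db["acls"] + FRONTEND_ACLS:
        if what != "*":
            continue  # only "to *" rules are modelled here
        for who, level in by_clauses:
            if who == "*" or norm(who) == norm(bind_dn):
                return (db["name"], level)  # first matching "by" clause wins
    return (db["name"], "none")  # no clause matched: implicit deny


if __name__ == "__main__":
    for target in ("cn=config", "olcDatabase={1}monitor,cn=config", "cn=Monitor"):
        print(target, "->", access(MANAGER, target))
```

The entry olcDatabase={1}monitor,cn=config is itself stored in the config database, so reading it is decided by the {0}config ACL, where the Manager DN falls through to "by * none".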