On Wed, Sep 13, 2006 at 01:34:07PM -0400, Brian White wrote: > >>I tried that, but it semes I may need to add it to _all_ the "access" > >>lines, since there are separate one that control access to passwords, > >>etc. > > > >The ordering of ACL's make a difference. Maybe you can just try to > >put it near the top? > > I'm afraid if I do, then I'll end up changing the access permissions of > those special fields to be the same as the first "catch all" ACL. I > don't have the resources to re-test everything. > > It semes to be working if I add the replication DN to all the ACLs, so I > think I'll just stick with that.
You could use the "break" statement. Something like this at the very top: access to dn.subtree="dc=example,dc=com" by dn="cn=updatedn,dc=example,dc=com" write by * break (I don't remember your DIT or the updatedn name, adjust the above)