>>[EMAIL PROTECTED] wrote:
>> Hi
>>
>> I'm trying to get an OpenLDAP server (2.3.) running with ACLs restricting
>> access to special attributes
>>
>> tb_READ should be allowed to search in the ou people but must not read any
>> attributes other than telephoneNumber, cn, sn, uid...
>>
>> so I added this access rule to my slapd.conf:
>>
>> access to dn.subtree="ou=people,dc=example,dc=com"
>>     attrs=telephoneNumber,cn,sn,mail,roomNumber,uid,givenName
>>     by dn="cn=tb_READ,ou=functional,dc=example,dc=com" read
>
>If you don't allow access to the "entry" attribute somewhere else, that's why
>it doesn't work:
>
>(Quoting Adminguide23, 6.3.1)
>"To read (and hence return) a target entry, the subject must have read access
>to the target's entry attribute."
>
>bye
>Christian
>--
>Christian Marg                mail  : mailto:[EMAIL PROTECTED]
>Dezernat 2 TU Clausthal       web   : http://www.tu-clausthal.de
>D-38678 Clausthal-Zellerfeld  fon   : 05323/72-2107
>Germany                       jabber: [EMAIL PROTECTED]

Thanks, I added "entry" and "objectClass" to the "attrs" and searching works fine too.
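
The fix from this thread written out as a slapd.conf fragment. This is an added example, not either poster's actual configuration. It assumes the client searches with the default filter (objectClass=*) and that no earlier `access to` clause already matches the entries under ou=people:

```conf
# Original rule from the thread, kept here commented out for comparison.
# tb_READ has read access to the listed attributes only, so a search
# returns nothing: slapd requires read access to the pseudo-attribute
# "entry" before it returns an entry at all.
#
# access to dn.subtree="ou=people,dc=example,dc=com"
#     attrs=telephoneNumber,cn,sn,mail,roomNumber,uid,givenName
#     by dn="cn=tb_READ,ou=functional,dc=example,dc=com" read

# Corrected rule.
#   entry       - lets the matching entry itself be returned
#   objectClass - lets slapd evaluate a filter on objectClass, such as
#                 (objectClass=*), on behalf of tb_READ; as a side effect
#                 tb_READ can also read the objectClass values
# Any identity not named in a <by> clause hits the implicit "by * none"
# that ends every access directive, so nobody else gains access here.
# Continuation lines must start with whitespace, and no comment line may
# sit between them.
access to dn.subtree="ou=people,dc=example,dc=com"
    attrs=entry,objectClass,telephoneNumber,cn,sn,mail,roomNumber,uid,givenName
    by dn="cn=tb_READ,ou=functional,dc=example,dc=com" read
```

Attributes under ou=people that are not in the `attrs` list do not match this directive and are decided by whichever later `access to` clause matches them, so check that those later clauses do not grant tb_READ more than intended. The slapacl(8) tool shipped with OpenLDAP 2.3 can evaluate the configured ACLs for a given bind DN and attribute without running a client search.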
