I am attempting to be very granular in the access that I give to my directory,
but I seem to be struggling with the implementation.
I have several proxy accounts that I want to grant the access that they
need, no more, no less. But I seem to have to put a line in like:
access to dn.children="dc=company,dc=com" by * read
in order to authenticate.
What I thought I wanted was something like this:
access to attrs=userPassword
    by dn.exact=proxy,dc=company,dc=com write
    by self write
    by anonymous auth
But without read access above, it does not work. How can I allow proxy
users/groups access w/out granting read access to everyone? Or does the
dn.children allow read access to all attributes?