I didn't get any responses, so I am asking again. Did I not phrase my question correctly, or am I missing something?
Thanks! -Troy On Feb 15, 2011, at 8:40 AM, Troy Knabe wrote: > I am attempting to be very granular in the access that I give to my > directory, but I seem to be struggling with the implementation. > > I have several proxy accounts that I want to grant the access to that they > need, no more, no less. But I seem to have to put a line in like: > > access to dn.children="dc=company,dc=com" by * read in order to authenticate. > What I thought I wanted was something like this: > > access to attrs=userPassword > by dn.exact=proxy,dc=company,dc=com write > by self write > by anonymous auth > > But without read access above, it does not work. How can I allow proxy > users/groups access w/out granting read access to everyone? Or does the > dn.children allow read access to all attributes? >
