>
> I would like to note that all those acis where defined by default
> during installation and initial configuration of 389, I didn't added
> anything manually.
> I understand now that is lot better to have an explicit list of
> allowed attributes than negative blacklist.
> If I get it
> I need to see the aci's on your server to help more. Can you please
> send me (either to the list, or directly to my email) the output of:
>
> ldapsearch -x -b "your basedn" -D 'cn=Directory Manager' -w -H
> ldaps:// '(aci=*)' aci
>
> That well help me answer the question as to what is causing
On Tue, 2018-02-27 at 13:44 +0100, Angel Bosch wrote:
> > A better way to write this is:
> >
> > (targetattr = "mycustomattr")(version 3.0; acl "allow admins
> > mycustomattr"; allow (all) groupdn =
> > "ldap:///cn=admins,ou=Groups,dc=company,dc=global;;)
> >
> > That's a better rule.
> >
>
>
On 02/27/2018 01:44 PM, Angel Bosch wrote:
A better way to write this is:
(targetattr = "mycustomattr")(version 3.0; acl "allow admins
mycustomattr"; allow (all) groupdn =
"ldap:///cn=admins,ou=Groups,dc=company,dc=global;;)
That's a better rule.
I've tried this and I still can see the