I have successfully defined several ACIs within my directory. All but
one of them are working as intended.
I created my ACIs with LDIF files, so I have clear documentation of
what I did and need to think carefully about their interactions to fix
my current problem.
I tried to retrieve my ACIs from the directory using the Linux OpenLDAP
ldapsearch command, but so far have not been successful.
My ACIs all have DNs of the form cn=rulename,o=myDomain. When I search
the directory with the "+" attribute (i.e. return control attributes),
each normal LDAP object under the root ACSA lists the DNs and OIDs of
the ACIs in force for that object.
However, when I search for "objectclass=accessControlSubentry", nothing
is returned (with or without the "+" attribute). Even searching for the
explicit dn of a known ACI doesn't return anything.
Do you think this is a "user error", or a problem with the OpenLDAP
ldapsearch, or ApacheDS? I am using the 1.5.4 release.
Any suggestions would be welcome. Thanks!
Brian