I am struggling with setting ACIs to restrict access to certain attributes. I would like the employeenumber attribute to be visible only to the user, and only if they are authenticated via SASL GSSAPI. I have tried several variants of the following:

    (target = "ldap:///ou=People, dc=ite,dc=gmu,dc=edu")
    (targetattr ="employeeNumber")
    (version 3.0;acl "EmployeeNumber";
     deny (all) userdn="ldap:///anyone" |
     allow (read) userdn="ldap:///self" and authmethod="sasl gssapi";
    )

This one seems to deny access regardless of the authmethod or binddn used. Anyone got any pointers?