Hi *,

I have a directory with a basedn:

  dc=foo, dc=bar

containing a "sub directory" named "internal":

  cn=internal, dc=foo, dc=bar

Now I want to hide "internal" and its children from most users, with the exception of the members of some administrative groups, so I added an ACI to "internal" like this:

  (targetattr = "*")
  (version 3.0;acl "hide internal";
   deny (read,write,delete,add)
   (groupdn != "ldap:///cn=admin,cn=internal,dc=foo,dc=bar" and
    groupdn != "ldap:///cn=configuration administrators,ou=groups, ou=topologymanagement,o=netscaperoot");)

Now I have a user

  cn=manager,cn=internal,dc=foo,dc=bar

who is a member of the group

  cn=admin,cn=internal,dc=foo,dc=bar

and should be allowed to access "internal" and its children.

But this doesn't work: I can't even bind as cn=manager,cn=internal,dc=foo,dc=bar. I suppose this is because the user is a child of "internal", and so anonymous isn't allowed to access the object for authentication.

How can I make it possible to bind as a user in the hidden sub directory without making it world readable?

cheers
sascha
--
Sascha Wilde                                      OpenPGP key: 4BB86568
Intevation GmbH, Osnabrück             http://www.intevation.de/~wilde/
Amtsgericht Osnabrück, HR B 18998             http://www.intevation.de/
Managing directors: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner