Not a big LDAP guy, just trying to get a task done fairly quickly. :)

I want to give a user access to cn=OracleContext,dc=example,dc=com in my Fedora DS setup (v1.0.4).

I've created the user:

    uid=ouser,ou=People,dc=example,dc=com

And set an ACI on cn=OracleContext,dc=example,dc=com:

    (targetattr = "*") (target = "ldap:///cn=OracleContext,dc=example,dc=com") (version 3.0; acl "OracleACI"; allow (all) (userdn = "ldap:///uid=ouser,ou=People, dc=example,dc=com") ;)

Just for giggles, I also set one on dc=example,dc=com as well:

    (targetattr = "*") (target = "ldap:///dc=example, dc=com") (version 3.0;acl "OracleACI";allow (all) (userdn = "ldap:///uid=ouser,ou=People, dc=example,dc=com");)

Via ldapsearch, this user can see everything I'd expect (at least under the OracleContext container), but when I log in as the user to the Java console, the only objects I see available in the tree are schema, monitor and config.

Why can't this user see the dc=example,dc=com tree? I don't see any way to set ACIs at a higher level...

Thanks,
Ray