> A better way to write this is: > > (targetattr = "mycustomattr")(version 3.0; acl "allow admins > mycustomattr"; allow (all) groupdn = > "ldap:///cn=admins,ou=Groups,dc=company,dc=global";;) > > That's a better rule. > I've tried this and I still can see the attribute without binding (anonymous search). here you can see the custom attr imasLocalAdminPass dn: uid=provamaquina01,ou=users,dc=example.net,dc=petratest,dc=proves,dc=global imasLocalAdminPass: 12345678test objectClass: account objectClass: top objectClass: posixAccount objectClass: imasMaquines uidNumber: 999999 homeDirectory: /dev/null gidNumber: 999999 cn: provamaquina01 uid: provamaquina01 entryLevelRights: vn attributeLevelRights: userPassword:wo, imasLocalAdminPass:rscwo, objectClass:r scwo, uidNumber:rscwo, homeDirectory:rscwo, gidNumber:rscwo, cn:rscwo, uid:r scwo thanks for your time, william. _______________________________________________ 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
