Hi Mark, I have a test instance of 389-ds running on a vm. I’ve tried updating the aci like this: dn: cn=mapping tree,cn=config changetype: modify replace: aci aci: (targetattr = "cn || nsuniqueid || createtimestamp || description || entryusn || modify timestamp || nsds50ruv || MORE STUFF)(targetfilter = "(|(objectclass=nsds5Replic a)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationA greement)(objectClass=nsMappingTree)(objectClass=nsTombstone))")(version 3.0;acl "permission:Read Repl ication Agreements";allow (compare,read,search) groupdn = "ldap:///cn=Read Re plication Agreements,cn=permissions,cn=pbac,dc=MYREALM,dc=net”;) But still executing the command below produces no output. Executing the command as admin does work: ldapsearch -h localhost -LLL -x -D 'uid=ipamonitor,cn=users,cn=accounts,dc=sgerasenko,dc=net' -w PWD '(&(nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff)(objectClass=nsTombstone))’ nsds50ruv I’ve verified that “ipamonitor" does have "Read Replication Agreements" assigned. Any ideas what could be missing? Thanks, Sergei |
_______________________________________________ 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx/message/MCJ7KRVAYEKGFDZJ2K5EE5HYSPAYGCEF/
