----- "Rich Megginson" <rmeggins@xxxxxxxxxx> wrote: > Anne (juniper) Cross wrote: > > I have this syntactically correct ACI: > > > > (targetattr = "*") > > (targetfilter="(ou=mailrouting-listserver)") > > (version 3.0;acl "Listserver Administrator";allow (all) > > (userdn = "ldap:///uid=listserve,ou=resource > accounts,ou=people,dc=itasoftware,dc=com");) > > > > It's set on the ou=mailrouting-listserver,ou=resource > accounts,etc,etc branch. > > > > I can authenticate successfully using the uid=listserve account, but > I cannot in fact write or change entries in the > ou=mailrouting-listserver branch using the account. > > > > What have I missed? > > > Does it work if you remove the > (targetfilter="(ou=mailrouting-listserver) clause? It does. I'm a bit wary of leaving it like that, but given that it's set on the branch, am I correct in assuming that it will only affect the branch beneath the point it is set? -- Anne "juniper" Cross Extropic Crusader, Email Plumber Information Technology, ITA Software -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
