Description of problem: One of the default ACI on the user suffix is: aci: (targetattr ="*")(version 3.0;acl "Directory Administrators Group";allow (all) (groupdn = "ldap:///ou=Directory Administrators, dc=cup,dc=hp,dc=com") ;) But the DN of the default directory administrators group is "cn=Directory Administrators, dc=cup,dc=hp,dc=com" so that doesn't match the ACI. In ldapserver/ldap/ldif/template.ldif change the "ou" to "cn" in that ACI... Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
Checked into HEAD (ldapserver). Checking in template.ldif; /cvs/dirsec/ldapserver/ldap/ldif/template.ldif,v <-- template.ldif new revision: 1.5; previous revision: 1.4 done Index: template.ldif =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/ldif/template.ldif,v retrieving revision 1.4 diff -r1.4 template.ldif 47c47 < ou=Directory Administrators, %%%SUFFIX%%%");) --- > cn=Directory Administrators, %%%SUFFIX%%%");)
Verified. See attached for the exported ldif file.
Created attachment 281331 [details] Attached exported ldif which shows proper ACI