This topic has 4 replies, 2 voices, and was last updated 9 months, 3 weeks ago by user1234. Author Posts September 2, 2021 at 9:59 am #28677 user1234Participant Hi, how could I use ldapsearch with filter ds-pwp-account-disabled=true without using “Directory Manager”. If I ldapsearch with a normal user , this user can’t search this attribute, but others do. Thanks. September 2, 2021 at 10:07 am #28678 LudoModerator Hi, If an attribute is not visible for a user, it’s because there is no ACI to grant access to that attribute to the user. In your case, the ACI must grant both Read and Search permissions. September 2, 2021 at 10:23 am #28679 user1234Participant And how can I configure the aci for one attribute? Thanks a lot. September 2, 2021 at 12:17 pm #28680 user1234Participant (targetattr = “ds-pwp-account-disabled”)(version 3.0;acl “Allow search ds-pwp-account-disabled atribute”;allow (all) (userdn = “ldap:///uid=User01,ou=Users,o=domain”);) this aci not work, is it something wrong? September 3, 2021 at 11:01 am #28682 user1234Participant I also try with (targetattr=”*”) but not work… Author Posts Viewing 5 posts - 1 through 5 (of 5 total) You must be logged in to reply to this topic.