This topic has 4 replies, 2 voices, and was last updated 9 months, 3 weeks ago by user1234.

  • Author
  • #28677

    Hi, how could I use ldapsearch with filter ds-pwp-account-disabled=true without using “Directory Manager”. If I ldapsearch with a normal user , this user can’t search this attribute, but others do.




    If an attribute is not visible for a user, it’s because there is no ACI to grant access to that attribute to the user. In your case, the ACI must grant both Read and Search permissions.


    And how can I configure the aci for one attribute?

    Thanks a lot.


    (targetattr = “ds-pwp-account-disabled”)(version 3.0;acl “Allow search ds-pwp-account-disabled atribute”;allow (all) (userdn = “ldap:///uid=User01,ou=Users,o=domain”);)

    this aci not work, is it something wrong?


    I also try with (targetattr=”*”) but not work…

Viewing 5 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?