I'm trying to set up a read-only ACL for the secauthority=default (TAM) entry under a user entry in IDS.
Our user entry looks something like cn=adme546,ou=users,o=xxxxx, where o=xxxxx is our suffix. At ou=user,o=xxxxx, there are 3 ACLs in place,
I attach a new non-filtered ACL to ou=users,o=xxxxx and I can see that this ACL propogates through to all the user entries in our registry. For example, the new ACL gets attached to cn=adme546,ou=users,o=xxxx. However, when I check the ACL for secauthority=default,cn=adme546,ou=users,o=xxxxx only the 3 ACLs specified above are showing as effective - the new ACL is not effective at this point.
Is there something about the "TAM specific" LDAP entries that affects the way ACLs normally work? Any shedding of light on this matter would be appreciated.