Openldap：访问子树的属性

如图所示文档（第 8.2.5 条）我试图限制对 的属性的访问dn.subtree="ou=accounts,dc=domain,dc=local"，dn="cn=addrbook,ou=services,dc=domain,dc=local"但无法访问 的指定属性dn="cn=addrbook,ou=services,dc=domain,dc=local"

root@metalmachine:~# ldapsearch -D "cn=addrbook,ou=services,dc=domain,dc=local" -W -b "ou=accounts,dc=domain,dc=local" mail
Enter LDAP Password:
# extended LDIF
# 
# LDAPv3
# base <ou=accounts,dc=domain,dc=local> with scope subtree
# filter: (objectclass=*)
# requesting: mail
#

# search result
search: 2
result: 32 No such object

# numResponses: 1

以下是两个访问指令dn.subtree="ou=accounts,dc=domain,dc=local"

access to dn.subtree="ou=accounts,dc=domain,dc=local" attrs=uid,mail,cn,gn,sn,displayName
        by dn="cn=addrbook,ou=services,dc=domain,dc=local" read
        by dn="cn=dovecot,ou=services,dc=domain,dc=local" read

access to dn.subtree="ou=accounts,dc=domain,dc=local"
        by dn="cn=dovecot,ou=services,dc=domain,dc=local" read
        by anonymous auth
        by self read
        by * none

一切工作正常dn="cn=dovecot,ou=services,dc=domain,dc=local"。