Thanks Marc for the reply.

As you suggested, I created myDirAclAuthz instance and used the ‘myotherdb’ ldap connection instance.

When I start my CA,  I see in the access log of ‘myotherdb’ that ‘cn=aclResources’ is searched for and returned successfully.

Then if I authenticate to the CA Agent page, and exercise some operations (e.g. Op=list),  I see activity in the access log of the directory server defined in internaldb. No activity in the access log of ‘myotherdb’.

Is there a way to configure the CA’s default authorization manager to look at myotherdb instead of the internaldb directory?