https://bugs.openldap.org/show_bug.cgi?id=9772
--- Comment #13 from stefan@kania-online.de --- Hi Ondřej,
t worked with "olcLogOps: writes". So here is the result from the accesslog when I try to change an ACL in the configuration of the main DB: ------------- dn: reqStart=20220107124049.000003Z,cn=configlog objectClass: auditModify reqStart: 20220107124049.000003Z reqEnd: 20220107124049.000004Z reqType: modify reqSession: 1 reqAuthzID: cn=admin,cn=config reqDN: olcDatabase={2}mdb,cn=config reqMessage: reqResult: 53 reqMod: objectClass:= olcDatabaseConfig reqMod: objectClass:= olcMdbConfig reqMod: olcAccess:- {0} to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred, cn=external,cn=auth manage by dn.exact=gidNumber=1111+uidNumber=1111,cn=peerc red,cn=external,cn=auth manage by dn.exact=uid=ldap-admin,ou=users,dc=example ,dc=net write by dn.exact=uid=repl-user,ou=users,dc=example,dc=net read by * break reqMod: olcAccess:+ {0}to * by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,c n=external,cn=auth" manage by dn.exact="gidNumber=1111+uidNumber=1111,cn=peer cred,cn=external,cn=auth" manage by dn.exact="uid=ldap-admin,ou=users,dc=exam ple,dc=net" write by dn.exact="uid=repl-user,ou=users,dc=example,dc=net" read by dn.exact="uid=sssd-user,cn=gssapi,cn=auth" read by dn.exact="krbPrincipal Name=K/M@EXAMPLE.NET,cn=EXAMPLE.NET,cn=kerberos,dc=example,dc=net" write by d n.exact="uid=kdc,ou=kerberos-adm,dc=example,dc=net" write by dn.exact="uid=ka dmin,ou=kerberos-adm,dc=example,dc=net" write by * read reqMod: entryUUID:= 74b8ed7a-0290-103c-8a96-1feb14c990fb reqMod: entryCSN:= 20220107124044.203563Z#000000#001#000000 reqMod: modifiersName:= cn=admin,cn=config reqMod: modifyTimestamp:= 20220107124044Z reqEntryUUID: 74b7f7bc-0290-103c-9fd6-f16d7542d525
------------- I hope, it will help.
Stefan