Full_Name: Ralf Haferkamp Version: RE24, master OS: URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (89.166.171.158)

The first ACL added to "olcDatabase={0}config,cn=config" does only get active after slapd is restarted. This is because slapd upon startup creates a hardcoded deny-everything ACL when no ACL is defined explicitly for the database. ACLs added after slapd is started will be appended to that hardcoded ACL (but never evaluated as the hardcoded one already matches everything).

I am working on a fix, reworking the way how the hardcoded default ACL for olcDatabase={0}config,cn=config is applied.