michael@stroeder.com wrote:

But could you please check whether this setting helps:

rwm-drop-unrequested-attrs no

It does.

This is another case of ITS#6057; the ACL filter can only be evaluated if the filter attribute is included in those passed through by rwm, otherwise it is just skipped. The larger issue (should ACL evaluation assume the whole entry is available?) seems to still be unaddressed.

I don't understand yet why rwm filters the attributes on its own by default, but I'm sure there's a reason.

alexoz66@gmail.com wrote:

modifying entry "olcOverlay={0}rwm,olcDatabase={1}mdb,cn=config" ldap_modify: Object class violation (65) additional info: attribute 'olcRwmDropUnrequested' not allowed

Looking at the schema it seems that the attribute olcRwmDropUnrequested is not part of the olcRwmConfig object class (or any other object class for that matter).

This is fixed in git master now.