On Fri, 2010-03-19 at 12:54 +0100, Carlo Pradissitto wrote:
access to * by * write #access to dn.subtree="dc=<domain_1>,dc=<base>" by * write #access to dn.subtree="dc=<domain_1>,dc=<base>" by dn="cn=Administrator1,ou=<domain_1>Administrators,o=Administrators,dc=<base>" write
With no access stanza, OpenLDAP defaults to:
access to * by anonymous read by * none
As soon as you assign an access stanza, this default goes away.
As it stands, you are not giving Administrator1 any permission to bind. Your access stanza doesn't mention anything under the administrative section.
At the very least, you will need something like: access to dn.subtree="o=Administrators,dc=<base>" by anonymous bind
You *will* need to fine-tune this. ;-)
Some decent information on ACLs can be found at http://www.zytrax.com/books/ldap/ch6/
Also, set debug level 128 to view ACL processing -- this will be invaluable to you.