Similarly, other ACLs after this one may grant access to cn=log.
Your current ACL only grants read access to the group ldap-admins.
It doesn't specify rights for other users. Explicitly deny access
to others like this
I tried that as well and got the same result. Also, the man page says that each
"access to" stanza is implicitly terminated by a "by * none", so
specifying this seems to be unnecessary.
But in either case, that also didn't work. I'm working on upgrading my OpenLDAP
to the 2.4 branch so that it's not so old anymore, and once I've got that done
I'll try again. I'm wondering if the problems I'm encountering have to do
with using an older version of the software.
UC Santa Cruz