I would like to allow a user to edit everything in a given subtree.
For example, I would like to allow uid=Operator,ou=Users,dc=example,dc=com to edit all entries which are in *,ou=Users,dc=example,dc=com.
I tried to follow http://www.zytrax.com/books/ldap/ch6/#access to set up access for that user, but I keep getting "insufficient access".
conn=5 fd=15 ACCEPT from IP=127.0.0.1:46917 (IP=0.0.0.0:389)
conn=5 op=0 BIND dn="uid=Operator,ou=Users,dc=example,dc=com" method=128
conn=5 op=0 BIND dn="uid=Operator,ou=Users,dc=example,dc=com" mech=SIMPLE ssf=0
conn=5 op=0 RESULT tag=97 err=0 text=
conn=5 op=1 DEL dn="uid=d.user3,ou=Users,dc=example,dc=com"
conn=5 op=1 RESULT tag=107 err=50 text=no write access to entry
My rule in slapd.conf is:
access to dn="ou=Users,dc=example,dc=com"
    by dn="uid=Operator,ou=Users,dc=example,dc=com" write
    by dn="uid=Operator,ou=Users,dc=example,dc=com" read
I also tried to use:
access to dn.subtree="ou=Users,dc=example,dc=com" ...
But then I'm not even able to connect.
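
The two symptoms above can be reproduced with a small model of slapd's first-match ACL evaluation. This is an added example, not part of the original post and not slapd's own code. The `STOCK` rules standing in for the rest of slapd.conf and the `REORDERED` rule set are assumptions, and all function names are hypothetical.

```python
# Simplified model of slapd's first-match ACL evaluation (not slapd code).
LEVELS = ["none", "auth", "read", "write"]            # subset of slapd levels
OP = "uid=Operator,ou=Users,dc=example,dc=com"
USERS = "ou=Users,dc=example,dc=com"
TARGET = "uid=d.user3,ou=Users,dc=example,dc=com"

def in_scope(style, base, dn):
    if base is None:                                  # "access to *" or attrs-only rule
        return True
    dn, base = dn.lower(), base.lower()
    if style == "base":                               # plain dn="..." means dn.base
        return dn == base
    return dn == base or dn.endswith("," + base)      # dn.subtree

def access(acl, who, dn, attr):
    """Level granted to who (None = anonymous) on attr of entry dn."""
    for style, base, attrs, clauses in acl:
        if not in_scope(style, base, dn) or (attrs and attr not in attrs):
            continue
        for subject, level in clauses:                # first matching "by" wins
            if subject == "*" or subject == (who or "anonymous"):
                return level
        return "none"                                 # implicit trailing "by * none"
    return "none"                                     # implicit "access to * by * none"

def at_least(level, needed):
    return LEVELS.index(level) >= LEVELS.index(needed)

def can_bind(acl, dn):                                # simple bind needs auth on userPassword
    return at_least(access(acl, None, dn, "userPassword"), "auth")

def can_delete(acl, who, dn):                         # write on "entry" and on parent's "children"
    parent = dn.split(",", 1)[1]
    return (at_least(access(acl, who, dn, "entry"), "write")
            and at_least(access(acl, who, parent, "children"), "write"))

# Assumed remainder of slapd.conf (not shown in the post): a common default pair.
STOCK = [(None, None, ["userPassword"], [("anonymous", "auth")]),
         (None, None, None, [("*", "read")])]
POSTED = [("base", USERS, None, [(OP, "write"), (OP, "read")])] + STOCK
SUBTREE_FIRST = [("subtree", USERS, None, [(OP, "write")])] + STOCK
# One possible ordering (an assumption, not from the post): password rule first.
REORDERED = [(None, None, ["userPassword"], [(OP, "write"), ("anonymous", "auth")]),
             ("subtree", USERS, None, [(OP, "write")])]

if __name__ == "__main__":
    for name, acl in [("posted", POSTED), ("subtree first", SUBTREE_FIRST), ("reordered", REORDERED)]:
        print(name, "bind:", can_bind(acl, OP), "delete:", can_delete(acl, OP, TARGET))
```

In the model, the posted rule matches only the ou=Users entry itself, so the delete of uid=d.user3 is decided by a later rule, and the second `by` clause for the same DN is never reached. A subtree rule placed ahead of the userPassword rule gives anonymous no `auth` access, which is what makes the bind fail.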