I managed to get cn=config working by following http://www.openldap.org/faq/index.cgi?_highlightWords=cn%20config&file=1... to the letter (meaning: I had to setup a rootdn/rootpw pair to be able to do searches).
How can this be used, _without_ using the rootdn/rootpw? I want ordinary users to be able to search/modify 'stuff' there (eventually, when I know exactly what it is and how to use it :).
I tried 'access to * by * write' as only ACL, but I _still_ got 'Insufficient access' whether or not I authenticated... And running with '-d 128' shows NOTHING for anonymous access (and only 'auth access to userPassword' when using bind DN).
Also (when on the subject of cn=config), in what way is 'cn=schema,cn=config' different from 'cn=Subschema'? The devil is in the details, but why wasn't 'cn=Subschema' enough? It have everything (?) that 'cn=schema,cn=config' have... ?