Hi all, I have a relatively simple requirement to grant some OpenLDAP rights .... my OpenLDAP directory looks like this:

root
  ou=managers
  ou=webprojects
    ou=groups
    ou=users
Now I need to grant full rights for users (inetOrgPerson) in ou=managers to ou=webprojects so that they can create/modify/delete users and groups in ou=groups,ou=webprojects and ou=users,ou=webprojects; also I would like users to be able to modify their own entries. For a start I tried some settings in slapd.conf, e.g.:

access to dn.base="" by * read
access to dn.base="cn=Subschema" by * read
access to dn.base="ou=webprojects" by users write
access to * by self write by users read by anonymous auth
From my (most likely wrong) understanding this would mean that every user should be able to create/modify/delete every entry in and below ou=webprojects; but unfortunately this seems not to be the case. Instead I get all other sorts of woes like 'error: need stronger encryption' when I try to log in via a non-SSL connection etc.
I really don't need SSL since in my case the manager users will always only log in via a web application on localhost, so nothing goes over the wire.
Can someone please tell me the proper access rules for my requirements?
thanks, Günter.
"Guenter Knauf" eflash@gmx.net writes:
Hi all, I have a relatively simple requirement to grant some OpenLDAP rights .... my OpenLDAP directory looks like this:

root
  ou=managers
  ou=webprojects
    ou=groups
    ou=users

Now I need to grant full rights for users (inetOrgPerson) in ou=managers to ou=webprojects so that they can create/modify/delete users and groups in ou=groups,ou=webprojects and ou=users,ou=webprojects; also I would like users to be able to modify their own entries. For a start I tried some settings in slapd.conf, e.g.:

access to dn.base="" by * read
access to dn.base="cn=Subschema" by * read
access to dn.base="ou=webprojects" by users write
this should be

access to dn.subtree="ou=webprojects" by users write

For more information see slapd.access(5)
-Dieter
openldap-software@openldap.org
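Putting Dieter's hint together with Günter's stated requirements, here is a complete slapd.conf ACL set as an added example (it is not from the thread and not from either poster). It assumes the directory suffix is dc=example,dc=com, which is not stated in the thread: every dn.* target and subject must carry the full DN including the suffix, so a target such as dn.base="ou=webprojects" with no suffix will never match anything. Two points the original attempt missed: dn.base matches only the named entry itself, not the entries below it (hence dn.subtree), and an "access to *" clause that grants "by users read" lets every authenticated user read userPassword hashes unless a more specific clause for that attribute comes first. slapd picks the first "access to" whose target matches the entry and, within it, the first matching "by" clause, so the order below matters.

```conf
# Added example, not from the thread. Assumes suffix dc=example,dc=com;
# replace it with your own suffix in every DN below.

# Password hashes: the owner may change them, anonymous clients may bind
# against them, managers may set them (needed to create users), nobody
# else can read them. This must come before the broader subtree rule.
access to attrs=userPassword
        by self write
        by anonymous auth
        by dn.onelevel="ou=managers,dc=example,dc=com" write
        by * none

# Root DSE and schema have to stay readable or clients will not work.
access to dn.base=""
        by * read
access to dn.base="cn=Subschema"
        by * read

# Entries directly under ou=managers get full control over everything in
# and below ou=webprojects, which covers adding and deleting entries in
# ou=users and ou=groups. Everyone else may read.
access to dn.subtree="ou=webprojects,dc=example,dc=com"
        by dn.onelevel="ou=managers,dc=example,dc=com" write
        by users read
        by anonymous auth

# Catch-all: users may edit their own entry and read the rest.
access to *
        by self write
        by users read
        by anonymous auth
```

Restart slapd after changing the file and verify the rules with a bind as one of the manager accounts followed by an ldapadd under ou=users,ou=webprojects,dc=example,dc=com, and with a bind as an ordinary user followed by an ldapsearch for userPassword, which should come back without that attribute. The "need stronger encryption" message is a separate matter from the ACLs; it is produced by the server's minimum-security settings rather than by any "access to" line, so fixing the ACLs alone will not make it go away.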