I have problems authenticating against this acl[0] with nslcd, if I
use[1] authentication is fine. I have the impression the dn.exact is not
able to access the password attribute, because getent shows the other
attributes. How should I rewrite this so the dn.exact is able to read
the password attributes from dn.subtree?
[0]
olcAccess: {0} to dn.exact="" by * read
olcAccess: {1} to dn.exact="cn=Subschema" by * read
olcAccess: {2} to attrs=userPassword,shadowLastChange by ssf=256 self
read by ssf=256 anonymous auth by * none continue
olcAccess: {3} to
dn.subtree="ou=gggg,ou=ffff,ou=eee,dc=ccc,dc=bbb,dc=aaa" by
dn.exact="cn=system,ou=dddd,dc=ccc,dc=bbb,dc=aaa" ssf=64 read
olcAccess: {4} to * by * none
[1]
olcAccess: {0} to dn.exact="" by * read
olcAccess: {1} to dn.exact="cn=Subschema" by * read
olcAccess: {2} to attrs=userPassword,shadowLastChange by ssf=256 self
read by ssf=256 anonymous auth by * none
olcAccess: {3} to * by ssf=64 users read by * none