Hello,

Just looking for a sanity check. Here is what I have now:

olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymous auth by dn="cn=admin,dc=example,dc=com" write by * none

olcAccess: {1}to dn.base="" by * read

olcAccess: {2}to * by self write by dn="cn=admin,dc=example,dc=com" write by * read


Here is what I think I want:

olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymous auth by dn="cn=admin,dc=example,dc=com" write by * none

olcAccess: {1}to attrs=shadowLastChange by * read

olcAccess: {2}to dn.base="" by * read

olcAccess: {3}to * by self write by dn="cn=admin,dc=example,dc=com" write by * read


Here is the file I think I should use to accomplish this:

changetype: modify
delete: olcAccess
olcAccess: {1}
-
add: olcAccess
olcAccess: {1}to attrs=shadowLastChange by * read
-
delete: olcAccess
olcAccess: {2}
-
add: olcAccess
olcAccess: {2}to dn.base="" by * read
-
add: olcAccess
olcAccess: {3}to * by self write by dn="cn=admin,dc=example,dc=com" write by * read


And, of course, before I do this I will shut down ldap, slapcat a backup, and restart. Does this look right?

thanks,

maria
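
An added example, not part of the original post: a small Python model of slapd's first-match access evaluation (the first `to` clause that matches the entry and attribute decides, and within it the first matching `by`), run over the proposed rule set. It handles only the `<what>` and `<who>` forms that appear in the post, treats `dn="..."` as an exact match, and uses constructed sample DNs.

```python
import re

# Proposed ACL set, copied verbatim from the post.
PROPOSED = [
    '{0}to attrs=userPassword,shadowLastChange by self write by anonymous auth by dn="cn=admin,dc=example,dc=com" write by * none',
    '{1}to attrs=shadowLastChange by * read',
    '{2}to dn.base="" by * read',
    '{3}to * by self write by dn="cn=admin,dc=example,dc=com" write by * read',
]
# Constructed sample DNs (assumptions, not from the post).
USER = 'uid=maria,ou=people,dc=example,dc=com'
OTHER = 'uid=bob,ou=people,dc=example,dc=com'

def parse(rule):
    """Split one olcAccess value into (what, [(who, access), ...])."""
    body = re.sub(r'^\{\d+\}', '', rule)
    what = re.match(r'to (\S+)', body).group(1)
    return what, re.findall(r' by (\S+) (\S+)', body)

def what_matches(what, entry_dn, attr):
    if what == '*':
        return True
    if what.startswith('attrs='):
        return attr.lower() in what[6:].lower().split(',')
    if what.startswith('dn.base='):
        return entry_dn.lower() == what[8:].strip('"').lower()
    raise ValueError('unsupported <what>: ' + what)

def who_matches(who, entry_dn, bind_dn):
    if who == '*':
        return True
    if who == 'anonymous':
        return bind_dn is None
    if who == 'self':
        return bind_dn is not None and bind_dn.lower() == entry_dn.lower()
    if who.startswith('dn='):
        return bind_dn is not None and bind_dn.lower() == who[3:].strip('"').lower()
    raise ValueError('unsupported <who>: ' + who)

def decide(rules, entry_dn, attr, bind_dn):
    """Return (index of the deciding rule, access granted); bind_dn None = anonymous."""
    for index, rule in enumerate(rules):
        what, by_clauses = parse(rule)
        if not what_matches(what, entry_dn, attr):
            continue
        for who, access in by_clauses:
            if who_matches(who, entry_dn, bind_dn):
                return index, access
        return index, 'none'  # implicit "by * none" closes every clause
    return None, 'none'
```

Calling `decide(PROPOSED, USER, 'shadowLastChange', OTHER)` shows which rule answers a read of `shadowLastChange` by another user: rule {0} matches the attribute first and its `by * none` applies, so rule {1} is not consulted.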