Hello Ferenc,
There is a double comma here. But the problem is that this line will always terminate the ACL processing, because "to * ... by * read" always matches.
olcAccess: {3}to * by dn.exact=cn=config
This line is never reached. Move it to the front instead:
olcAccess: {0}to * by dn.exact=cn=config olcAccess: {1}to attrs=userPassword,shadowLastChange by self write by anonymous auth by * none olcAccess: {2}to dn.base="" by * read olcAccess: {3}to * by self write by * read
I am still confused why script terminates and the line is never reached. Either way, I am still getting the error: ldap_delete: Insufficient access (50) additional info: no write access to parent
Is there something that I could check to figure what is wrong?
Sincerely,
Igor Shmukler