Hi Peter,
--On Tuesday, October 23, 2018 2:48 PM +0000 "Heinemann, Peter G" phei@isc.upenn.edu wrote:
access to dn.subtree="dc=university,dc=edu"
    by dn.exact="cn=grouper-admin,dc=university,dc=edu" write
    by * break
Why do you have by * break if it is the only acl? Should just be:
access to dn.subtree="dc=university,dc=edu"
    by dn.exact="cn=grouper-admin,dc=university,dc=edu" write
However, if this is your only ACL, I'm not clear how you're going to be able to authenticate as the user unless you're doing some SASL regexp mapping? Otherwise, anonymous *must* have auth access to the userPassword attribute for simple binds to function.
Also unclear to me how slapacl would result in "read" access vs "none" if that is your only ACL. It sounds like there's more at play here than the snippets you've provided.
Warm regards,
Quanah

--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com
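
The point above about anonymous needing auth access to userPassword, shown as an added slapd.conf fragment; it is not part of this message or of Peter's actual configuration. It reuses the DNs quoted in the thread and assumes cn=grouper-admin is an ordinary entry (not the rootdn) that authenticates with a simple bind.

```conf
# Constructed example, not taken from the poster's server.

# As posted (commented out): the only ACL. Every access clause ends with
# an implicit "by * none", so anonymous has no "auth" access to
# userPassword and simple binds to entries in this subtree fail.
#access to dn.subtree="dc=university,dc=edu"
#    by dn.exact="cn=grouper-admin,dc=university,dc=edu" write

# ACLs are evaluated in order and the first matching <what> applies,
# so the attribute-specific rule has to come before the subtree rule.
# "auth" allows the password comparison during bind without letting
# anyone read the stored value.
access to dn.subtree="dc=university,dc=edu" attrs=userPassword
    by dn.exact="cn=grouper-admin,dc=university,dc=edu" write
    by anonymous auth
    by * none

# Everything else in the subtree: writable by the admin identity only.
access to dn.subtree="dc=university,dc=edu"
    by dn.exact="cn=grouper-admin,dc=university,dc=edu" write
    by * none

# Check the result offline with slapacl (no -D means anonymous);
# the config path and entry DN are placeholders:
#   slapacl -f /path/to/slapd.conf -b "<entry DN>" "userPassword/auth"
#   slapacl -f /path/to/slapd.conf -b "<entry DN>" \
#           -D "cn=grouper-admin,dc=university,dc=edu" "userPassword/write"
```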