I think you should also have a look at the order of your ACLs. If you place an "access to *" before an "access to dn.children", the second will not be evaluated (if there is no "break"...)
Cheers,
-Markus-
access to *
    by dn="cn=admin,dc=example,dc=com" write
    by * read
access to dn.children="ou=abk1,ou=Addressbooks,dc=example,dc=com"
    by dn="cn=admin,dc=example,dc=com" write
    by groupOfNames="cn=abk-admin,ou=Roles,dc=example,dc=com" write
    by groupOfNames="cn=abk-user,ou=Roles,dc=example,dc=com" read
    by * none
I searched around and changed dn.children to dn.subtree and dn.one, but the result is the same. I can read the entries, but I cannot insert or delete an entry. I can only do this with admin, but only if the line for admin is defined. What did I do wrong or understand wrong? I tried to find the answer on the internet but was not able to :(
OpenLDAP: slapd 2.4.23 (Jun 16 2011 02:53:39) Debian 6.0.6
Regards,
Marco
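
The ordering point raised in the reply, as an added example that is not part of the original thread: a simplified Python model of slapd's first-match ACL evaluation applied to the two directives quoted above. The bind DN, the entry DNs and the group-membership lookup are constructed assumptions, and the `groupOfNames=` clauses are modelled as plain group checks.

```python
# Simplified model of slapd ACL evaluation (added example, not slapd code).
# DNs are the page's, lower-cased here so comparison is case-insensitive.
ADMIN = "cn=admin,dc=example,dc=com"
ABK1 = "ou=abk1,ou=addressbooks,dc=example,dc=com"
ABK_ADMIN = "cn=abk-admin,ou=roles,dc=example,dc=com"
ABK_USER = "cn=abk-user,ou=roles,dc=example,dc=com"

# Rule = (what, [(who, level, control), ...]); control is "stop" or "break".
RULE_ALL = (("*", None), [(("dn", ADMIN), "write", "stop"),
                          (("*", None), "read", "stop")])
RULE_ALL_BREAK = (("*", None), [(("dn", ADMIN), "write", "stop"),
                                (("*", None), "read", "break")])
RULE_ABK1 = (("children", ABK1), [(("dn", ADMIN), "write", "stop"),
                                  (("group", ABK_ADMIN), "write", "stop"),
                                  (("group", ABK_USER), "read", "stop"),
                                  (("*", None), "none", "stop")])

def what_matches(what, entry_dn):
    kind, base = what
    if kind == "*":
        return True
    # dn.children: entries strictly below the base DN, not the base itself
    return entry_dn.lower().endswith("," + base)

def who_matches(who, bind_dn, groups):
    kind, value = who
    if kind == "*":
        return True
    if kind == "dn":
        return bind_dn.lower() == value
    return value in groups  # assumption: membership already resolved

def evaluate(rules, entry_dn, bind_dn, groups=frozenset()):
    """Return the level granted by the first matching directive and clause."""
    for what, by_clauses in rules:
        if not what_matches(what, entry_dn):
            continue
        for who, level, control in by_clauses:
            if who_matches(who, bind_dn, groups):
                if control == "break":
                    break          # keep looking at later directives
                return level       # default control "stop" ends evaluation
        else:
            return "none"          # implicit trailing "by * none"
    return "none"

if __name__ == "__main__":
    entry = "cn=john,ou=abk1,ou=Addressbooks,dc=example,dc=com"  # constructed
    user = "cn=marco,ou=People,dc=example,dc=com"                # constructed
    for name, rules in [("as posted", [RULE_ALL, RULE_ABK1]),
                        ("reordered", [RULE_ABK1, RULE_ALL])]:
        print(name, "->", evaluate(rules, entry, user, {ABK_ADMIN}))
```

The model ignores privilege accumulation across `break` and every `<what>` style other than `*` and `dn.children`.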