--On Thursday, August 30, 2018 3:17 PM -0500 Bill Bradford mrbill@mrbill.net wrote:
Trying to give a single user "read only" access to everything in the database including userPassword info.
Here's the LDIF file I'm using w/ldapmodify:
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange
  by dn="cn=Manager,dc=domain,dc=com" write
This should also be dn.exact
by dn.exact="uid=romanager,ou=Users,dc=domain,dc=com" read
Are you sure this is the DN returned by ldapwhoami?
Past that, I'd suggest you test with slapacl and potentially ACL level debugging.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com
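
A small check for the point raised in the reply above, that the Manager `by` clause should also be written as `dn.exact`. This is an added example, not part of the original thread: the function names are hypothetical and the sample LDIF is reconstructed from the message. It unfolds the LDIF and lists every `by dn=` clause that carries no explicit style qualifier.

```python
import re

# Constructed sample: the olcAccess change quoted in the thread, folded as LDIF.
SAMPLE_LDIF = '''dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange
  by dn="cn=Manager,dc=domain,dc=com" write
  by dn.exact="uid=romanager,ou=Users,dc=domain,dc=com" read
'''

# A token is a run of non-space text in which quoted strings may contain spaces.
TOKEN = re.compile(r'(?:[^\s"]+|"[^"]*")+')

def unfold(ldif):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def by_clauses(value):
    """Return (who, access) for each 'by <who> <access>' in one olcAccess value."""
    toks = TOKEN.findall(value)
    out = []
    for i, tok in enumerate(toks):
        if tok == "by" and i + 1 < len(toks):
            nxt = toks[i + 2] if i + 2 < len(toks) else None
            out.append((toks[i + 1], None if nxt == "by" else nxt))
    return out

def unqualified_dns(ldif):
    """List 'by dn=...' clauses written without a style such as dn.exact."""
    findings = []
    for line in unfold(ldif):
        attr, sep, value = line.partition(":")
        if not sep or attr.strip().lower() != "olcaccess":
            continue
        for who, access in by_clauses(value):
            if who.partition("=")[0].lower() == "dn":
                findings.append((who, access))
    return findings

if __name__ == "__main__":
    for who, access in unqualified_dns(SAMPLE_LDIF):
        print(f"no explicit dn style: by {who} {access}")
```
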