On Tue, Aug 02, 2016 at 12:37:58AM -0400, John Lewis wrote:
How do I allow root aka dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external to edit olcDatabase={1}mdb,cn=config.
Besides olcAuthRegex mentioned by other posters, setting up an explicit access control entry for that DN is another option.
If you installed slapd from the Debian archive, the default access rules for the config database include:
# Config db settings dn: olcDatabase=config,cn=config objectClass: olcDatabaseConfig olcDatabase: config # Allow unlimited access to local connection from the local root user olcAccess: to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
You could grant root-like access to the root user by copying that access line to your mdb database.