Simone Taliercio wrote:
> access to *
> by self write
> by anonymous auth
> by users search
> The only way to workaround that issue is removing any ACL or leaving "by users
Looking at the ACL above you likely run into a misunderstanding.
You should carefully read slapd.access(5). Especially the very important
section "THE ACCESS DIRECTIVE" describes significance of order of <what> and
<who> clauses and that the checking stops at the first matching <what> and
<who> clause (if control flow is not explicitly redirected).
Given the example above you might rather want this:
access to *
by self write
by users search
by * auth
Also it's very handy to run slapd -d stats,acl [..other params..] to get ACL
debugging displayed on console.