--On Tuesday, May 19, 2020 3:13 PM -0700 Gao gao@pztop.com wrote:
olcAccess: {0}to attrs=userPassword by self write by anonymous auth by dn.base="cn=Manager,dc=van,dc=company,dc=com" write by * none
You need to use ldapmodify to update the ACL. Thankfully this can be done rather easily:
ldapmodify ...
dn: olcDatabase={2}hdb,cn=config
changetype: modify
delete: olcAccess
olcAccess: {0}
-
add: olcAccess
olcAccess: {0}to attrs=userPassword by self write by anonymous auth by dn.base="cn=Manager,dc=van,dc=company,dc=com" write by <rep user dn> read
I left off the by * none as it's implicit, as described in the slapd.access(5) man page.
Regards, Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com
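
Added example, not part of the message above or of OpenLDAP: a simplified Python model of how slapd walks the by clauses of this one ACL (first match wins, with the implicit trailing by * none), run against the rule before and after the change. It handles only the <who> forms used here (self, anonymous, dn.base, *), and the replication DN and user entry are constructed stand-ins for <rep user dn>.

```python
import re

# Constructed sample values; REPL is an assumed stand-in for <rep user dn>.
MANAGER = "cn=Manager,dc=van,dc=company,dc=com"
REPL = "cn=replicator,dc=van,dc=company,dc=com"
OLD_ACL = ('{0}to attrs=userPassword by self write by anonymous auth '
           f'by dn.base="{MANAGER}" write by * none')
NEW_ACL = ('{0}to attrs=userPassword by self write by anonymous auth '
           f'by dn.base="{MANAGER}" write by dn.base="{REPL}" read')

# One "by <who> <access>" clause; <who> is a quoted dn.base or a bare token.
BY_CLAUSE = re.compile(r'\bby\s+(dn\.base="[^"]*"|\S+)\s+(\w+)')


def norm(dn):
    """Rough DN normalisation: lower-case, no spaces around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def parse_by_clauses(acl):
    """Return [(who, access), ...], appending the implicit 'by * none'."""
    clauses = BY_CLAUSE.findall(acl)
    if not clauses or clauses[-1][0] != "*":
        clauses.append(("*", "none"))
    return clauses


def access_for(acl, bound_dn, entry_dn):
    """Access granted on userPassword of entry_dn; bound_dn=None is anonymous.

    The first matching <who> ends evaluation (slapd's default 'stop').
    """
    for who, access in parse_by_clauses(acl):
        if who == "*":
            return access
        if who == "anonymous" and bound_dn is None:
            return access
        if bound_dn is None:
            continue
        if who == "self" and norm(bound_dn) == norm(entry_dn):
            return access
        if who.startswith("dn.base=") and norm(who[9:-1]) == norm(bound_dn):
            return access
    return "none"
```

Against a real server, slapacl(8) performs the same check using the live configuration.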