--On Tuesday, May 19, 2020 3:13 PM -0700 Gao <gao(a)pztop.com> wrote:
> olcAccess: {0}to attrs=userPassword by self write by anonymous auth by dn.base="cn=Manager,dc=van,dc=company,dc=com" write by * none

You need to use ldapmodify to update the ACL. Thankfully this can be done
rather easily:
ldapmodify ...
dn: olcDatabase={2}hdb,cn=config
changetype: modify
delete: olcAccess
olcAccess: {0}
-
add: olcAccess
olcAccess: {0}to attrs=userPassword by self write by anonymous auth by
  dn.base="cn=Manager,dc=van,dc=company,dc=com" write by <rep user dn> read

I left off the "by * none" as it's implicit, as described in the
slapd.access(5) man page.

Regards,
Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
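
Added example (not part of the message above and not OpenLDAP code): a simplified Python model of how the by clauses of this userPassword rule are evaluated, first match wins, ending at the implicit "by * none" from slapd.access(5). The replication DN and the user DNs are constructed placeholders standing in for <rep user dn>, and only the who forms that appear in this thread are handled.

```python
import re

# Constructed sample: the ACL from the reply, with a hypothetical replication
# DN standing in for the page's <rep user dn> placeholder.
REP_DN = "cn=replicator,dc=van,dc=company,dc=com"  # assumption, not from the page
MANAGER_DN = "cn=Manager,dc=van,dc=company,dc=com"
ACL = ('{0}to attrs=userPassword by self write by anonymous auth '
       f'by dn.base="{MANAGER_DN}" write by dn.base="{REP_DN}" read')

BY_RE = re.compile(r'\bby\s+(\*|self|anonymous|users|dn\.base="[^"]*")\s+(\w+)')


def parse_by_clauses(acl):
    """Return [(who, level), ...] in evaluation order, plus the implicit tail."""
    clauses = list(BY_RE.findall(acl))
    # slapd.access(5): every rule ends with an implicit "by * none".
    if not any(who == "*" for who, _ in clauses):
        clauses.append(("*", "none"))
    return clauses


def normalize(dn):
    """Case-insensitive, whitespace-tolerant DN comparison (simplified)."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def effective_access(acl, requester_dn, entry_dn):
    """First matching <who> wins; requester_dn=None means an anonymous bind."""
    for who, level in parse_by_clauses(acl):
        if who == "*":
            return level
        if who == "anonymous" and requester_dn is None:
            return level
        if requester_dn is None:
            continue  # the remaining forms need an authenticated identity
        if who == "users":
            return level
        if who == "self" and normalize(requester_dn) == normalize(entry_dn):
            return level
        # who[9:-1] strips the leading dn.base=" and the closing quote
        if who.startswith("dn.base=") and normalize(who[9:-1]) == normalize(requester_dn):
            return level
    return "none"
```

Running effective_access() for each bind identity you care about shows that any authenticated DN not named in the rule falls through to the implicit "none", so the replication account needs its own by clause.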