Thanks. I fixed

dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: to attrs=userPassword by self write by group.exact="cn=ldap_admins,ou=Groups,dc=wildberries,dc=ru" write by anonymous auth by * none
olcAccess: to * by self write by group.exact="cn=ldap_admins,ou=Groups,dc=wildberries,dc=ru" write by * read

and applied on another OpenLDAP

ldapmodify -Y EXTERNAL -H ldapi:/// -f acladm.ldif

However, a member of the ldap_admins group does not have full access.
If you don't mind, can you help?
1) Is the ACL correct?
2) Is it possible to make an ACL for a POSIX group in a different way?

On Aug 11, 2020, at 18:45, Quanah Gibson-Mount <quanah@symas.com> wrote:

--On Tuesday, August 11, 2020 1:55 PM +0000 Клеусов Владимир Сергеевич <Kleusov.Vladimir@wildberries.ru> wrote:
by group.exact="cn=ldap_admins,ou=Groups,dc=domain,dc=com write
You're missing an end quote.
group.exact="cn=ldap_admins,ou=Groups,dc=domain,dc=com" <-----
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com
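
The missing end quote pointed out in the quoted reply can be caught before the LDIF is handed to ldapmodify. The following pre-flight check is an added example, not part of the original thread: the function names and the sample LDIF (with the placeholder suffix dc=example,dc=com) are constructed for illustration. It unfolds LDIF continuation lines, flags olcAccess values with an odd number of double quotes, and lists the group DNs named in the remaining values so they can be reviewed.

```python
import re

# group[/objectClass[/attr]][.style]="<DN>" in a slapd.access(5) <who> clause
GROUP_RE = re.compile(r'\bgroup(?:/[\w-]+){0,2}(?:\.\w+)?="([^"]*)"')

def unfold(ldif_text):
    """Join LDIF continuation lines (a leading single space continues the previous line)."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def check_olcaccess(ldif_text):
    """Return (problems, group_dns); problems are (logical_line_no, message) tuples."""
    problems, groups = [], []
    for no, line in enumerate(unfold(ldif_text), 1):
        name, sep, value = line.partition(":")
        if name.lower() != "olcaccess" or not sep:
            continue
        if value.startswith(":"):  # "olcAccess:: ..." is base64, not inspected here
            problems.append((no, "base64 value, not checked"))
            continue
        if value.count('"') % 2:  # odd count means a quote was never closed
            problems.append((no, "unbalanced double quote"))
            continue
        groups.extend(GROUP_RE.findall(value))
    return problems, groups

# Constructed sample: the first olcAccess value lacks the closing quote.
SAMPLE = '''\
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: to attrs=userPassword by self write
  by group.exact="cn=ldap_admins,ou=Groups,dc=example,dc=com write
  by anonymous auth by * none
olcAccess: to * by self write
  by group.exact="cn=ldap_admins,ou=Groups,dc=example,dc=com" write by * read
'''

if __name__ == "__main__":
    problems, groups = check_olcaccess(SAMPLE)
    for no, msg in problems:
        print(f"logical line {no}: {msg}")
    print("group DNs granted access:", groups)
```

Line numbers in the report refer to logical lines after unfolding, not to physical lines in the file.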