Thanks. I fixed

dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: to attrs=userPassword
  by self write
  by group.exact="cn=ldap_admins,ou=Groups,dc=wildberries,dc=ru" write
  by anonymous auth
  by * none
olcAccess: to *
  by self write
  by group.exact="cn=ldap_admins,ou=Groups,dc=wildberries,dc=ru" write
  by * read

 and applied on another OpenLDAP ldapmodify -Y EXTERNAL -H ldapi:/// -f acladm.ldif

However, a member of the ldap_admins group does not have full access.

If you don't mind, can you help ? 
1) is the acl correct ?
2) Is it possible to make an acl for POSIX group in a different way ?
11 авг. 2020 г., в 18:45, Quanah Gibson-Mount <quanah@symas.com> написал(а):



--On Tuesday, August 11, 2020 1:55 PM +0000 Клеусов Владимир Сергеевич <Kleusov.Vladimir@wildberries.ru> wrote:

 by group.exact="cn=ldap_admins,ou=Groups,dc=domain,dc=com write


You're missing an end quote.

group.exact="cn=ldap_admins,ou=Groups,dc=domain,dc=com" <-----

--Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>