Igor Shmukler wrote:
If there is no way to grant access to all records across all databases to cn=config [because it is not a user], I would go for having a [different] user who can delete records in multiple DITs[, by invoking LDAPI or whatever].
You should really analyze this example configuration:
https://build.opensuse.org/package/view_file/home:stroeder:branches:network:...
Ciao, Michael.