Hi,
According: http://www.openldap.org/lists/openldap-technical/201509/msg00133.html
The {3} rule is never used because {2} match everythink (to * by * read). nobody has write privilege except rootdn (cn=admin,dc=mydomain,dc=com) who, by the way, does not need an explicit configuration for that.
Cheers.
Le 18/10/2015 10:40, Ervin Hegedüs a écrit :
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymou s auth by dn="cn=admin,dc=mydomain,dc=com" write by * none olcAccess: {1}to dn.base="" by * read olcAccess: {2}to * by dn="cn=admin,dc=mydomain,dc=com" write by * read olcAccess: {3}to dn.subtree="ou=public,ou=rcabook,dc=mydomain,dc=com" by users writ e olcLastMod: TRUE ...
Which privileges do I need to add, for all user would add the entries to subtree?
Thanks,
a.