--On Tuesday, September 12, 2017 10:40 PM -0500 Nick Gray nick@graysaustin.com wrote:
I read the man page, but I guess I understood that the first rule only matched everything as far as "what" to access. I thought it went what, who, permissions.
My intent was to enable both of these to work.
Access to all dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage and access to all dn.base="cn=Manager,dc=local,dc=bob,dc=com" to manage as well.
Then it is a single ACL:
olcAccess: {0} to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by dn="cn=Manager,dc=local,dc=bob,dc=com" manage
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com
openldap-technical@openldap.org
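
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not OpenLDAP code: a simplified Python model of how slapd picks the first rule whose `to <what>` matches and then stops, so a second `to *` rule is never consulted. The two-rule `SPLIT` list is a constructed guess at the configuration being asked about, `parse_acl` and `access_for` are hypothetical helpers, and the model assumes cn=Manager is not the database rootdn (the rootdn bypasses ACLs).

```python
# Simplified model of slapd ACL selection (illustration only, not OpenLDAP code).
# Modelled: "to *" targets, exact-DN or "*" <who> clauses, default "stop" control.
ROOT = "gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
MANAGER = "cn=Manager,dc=local,dc=bob,dc=com"

# Constructed sample: two separate rules, both "to *".
SPLIT = [
    f'{{0}}to * by dn.base="{ROOT}" manage',
    f'{{1}}to * by dn.base="{MANAGER}" manage',
]
# The single ACL given in the reply above.
MERGED = [
    f'{{0}} to * by dn.base="{ROOT}" manage by dn="{MANAGER}" manage',
]

def parse_acl(value):
    """Split 'to <what> by <who> <level> ...' into (what, [(who, level), ...])."""
    head, *by_parts = value.split(" by ")
    what = head.split("to ", 1)[1].strip()
    clauses = []
    for part in by_parts:
        who, level = part.rsplit(None, 1)
        if who.startswith("dn"):            # dn="..." or dn.base="..."
            who = who.split("=", 1)[1].strip('"')
        clauses.append((who, level))
    return what, clauses

def access_for(acls, bind_dn):
    """Return the access level the model grants bind_dn on any entry."""
    for value in acls:                      # rules are tried in {n} order
        what, clauses = parse_acl(value)
        if what != "*":                     # this model only understands "to *"
            continue
        for who, level in clauses:          # first matching <who> ends evaluation
            if who == "*" or who.lower() == bind_dn.lower():
                return level
        return "none"                       # implicit trailing "by * none"
    return "none"                           # no rule matched the target

if __name__ == "__main__":
    for name, acls in (("split", SPLIT), ("merged", MERGED)):
        for dn in (ROOT, MANAGER):
            print(f"{name:6} {access_for(acls, dn):6} {dn}")
```

In the split form the Manager DN falls through to the implicit `by * none` of rule {0}; in the merged form both identities are listed under the one rule that matches.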