Hello, I am using OpenLDAP 2.4.40 on CentOS 7.6. I tried to remove 2 ACL entries and failed. I must missed something so please help me. I now have: dn: olcDatabase={2}hdb,cn=config objectClass: olcDatabaseConfig objectClass: olcHdbConfig olcDatabase: {2}hdb olcDbDirectory: /var/lib/ldap olcSuffix: dc=van,dc=company,dc=com olcRootDN: cn=Manager,dc=van,dc=company,dc=com olcRootPW:: e1NTSEF9cEpWbEIzOEh4UXJpcjNVSUl2enZz0sm1akt4Nnd6OTk= olcDbIndex: objectClass eq,pres olcDbIndex: ou,cn,mail,surname,givenname eq,pres,sub olcDbIndex: uidNumber eq olcDbIndex: gidNumber eq olcDbIndex: loginShell eq olcDbIndex: uid eq,pres,sub olcDbIndex: memberUid eq,pres,sub olcDbIndex: uniqueMember eq,pres olcDbIndex: sambaSID eq olcDbIndex: sambaPrimaryGroupSID eq olcDbIndex: sambaGroupType eq olcDbIndex: sambaSIDList eq olcDbIndex: sambaDomainName eq olcDbIndex: default sub structuralObjectClass: olcHdbConfig entryUUID: 3b7e5722-d26f-1035-8835-91213c5bb357 creatorsName: cn=config createTimestamp: 20160629180122Z olcAccess: {0}to attrs=userPassword by self write by anonymous auth by dn.ba se="cn=Manager,dc=van,dc=company,dc=com" write by * none olcAccess: {1}to * by self write by dn="cn=Manager,dc=van,dc=company,dc= com" write by * read entryCSN: 20200427230612.038641Z#000000#000#000000 modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth modifyTimestamp: 20200427230612Z Then I created a LDIF file: # cat delete_acl.ldif dn: olcDatabase={2}hdb,cn=config changetype: modify delete: olcAccess olcAccess: {0} olcAccess: {1} Now try to delete the ACL: # ldapmodify -Y EXTERNAL -H ldapi:/// -f delete_acl.ldif SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 modifying entry "olcDatabase={2}hdb,cn=config" # When I check with "slapcat -n 0" I see the 2 olcAssess entires is still exist. Please help. Thanks. Gao