# access levels
defaultaccess read
access to * by dn="cn=manager,o=contacts.company.net" write
access to dn=".*,ou=people,o=contacts.company.net"
    by dn="cn=admin,o=contacts.company.net" write
    by * read
access to dn=".*,ou=groups,o=contacts.company.net"
    by dn="cn=admin,o=contacts.company.net" write
    by * read

When I do this, though, I just get read access when I am binding to the cn=admin user account. The bind operation seems to work fine, but I can't modify anything in the ou=people or ou=groups trees when using admin. cn=manager is the root dn, and that works fine.
Can anyone help me see what I am doing wrong? I am using OpenLDAP 1.2.9, if it matters.
Thanks.
--
Daniell Freed
Computer Services
Dewitt, Ross, & Stevens S.C.

He who fights with monsters might take care lest he thereby become a monster. And if you gaze for long into an abyss, the abyss gazes also into you.
Beyond Good and Evil
Friedrich Wilhelm Nietzsche
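
Added example, not part of the original message and not OpenLDAP code: a small Python model of slapd's documented evaluation order, in which the first "access to" directive whose target matches the entry is the only one consulted, run over the directives posted above and over a constructed variant with the catch-all moved last. The names effective_access, matches, POSTED and REORDERED are hypothetical, DN matching is simplified to a case-insensitive regex, and falling back to defaultaccess when no "by" clause matches is an assumption about the 1.x behaviour.

```python
import re

BASE = "o=contacts.company.net"
ROOTDN = "cn=manager," + BASE   # the post says cn=manager is the root DN
ADMIN = "cn=admin," + BASE

# The posted directives as (what-regex, [(who-regex, level), ...]); "*" becomes ".*".
POSTED = [
    (r".*", [(ROOTDN, "write")]),
    (r".*,ou=people," + BASE, [(ADMIN, "write"), (r".*", "read")]),
    (r".*,ou=groups," + BASE, [(ADMIN, "write"), (r".*", "read")]),
]
# Constructed variant for comparison: same directives, catch-all moved last.
REORDERED = POSTED[1:] + POSTED[:1]


def matches(pattern, dn):
    # Simplified DN matching: whole-string, case-insensitive regex.
    return re.fullmatch(pattern, dn, re.IGNORECASE) is not None


def effective_access(rules, entry_dn, bind_dn, default="read"):
    """Return the level a bind DN gets on an entry under first-match rules."""
    if bind_dn.lower() == ROOTDN.lower():
        return "write"  # the root DN is not subject to access directives
    for what, by_clauses in rules:
        if not matches(what, entry_dn):
            continue
        # First matching "access to" wins; later directives are never consulted.
        for who, level in by_clauses:
            if matches(who, bind_dn):
                return level
        return default  # assumption: unmatched requester gets defaultaccess
    return default


if __name__ == "__main__":
    entry = "cn=Some Person,ou=people," + BASE  # constructed sample entry
    for name, rules in (("posted", POSTED), ("reordered", REORDERED)):
        print(name, "admin ->", effective_access(rules, entry, ADMIN))
```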