Tried those searches above and they didn't work so I went with
commenting out the ACLs and adding in "access to * by * write" and
things started working as expected.
Now I need to rewrite my ACLs I guess. Here's what I have:
access to dn.base="" by * read
access to dn.base="cn=Subschema" by * read
access to *
by self write
by users read
by anonymous auth
access to dn=".*,dc=cougarnet,dc=bible,dc=edu" attr="userPassword"
by dn="cn=Manager,ou=people,dc=cougarnet,dc=bible,dc=edu" write
by dn="cn=samba,ou=People,dc=cougarnet,dc=bible,dc=edu" write
by self write
by * auth
Looks to me like "access to * by anonymous auth" and "access to dn="..."
attr="userPassword by * auth" should allow this, but obviously I'm
wrong.
Thanks for helping me out with this. It's good to know that we now know
what the problem is and seems like it should be easy to fix with a bit
more knowledge on my part. Appreciate it.
Does dn.base="" equate to dn=".*,dc=cougarnet,dc=bible,dc=edu"?