olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymous auth by dn="cn=admin,dc=example,dc=com"Âwrite by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by self write by dn="cn=admin,dc=example,dc=com"Âwrite by * read
Here is what I think I want:
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymous auth by dn="cn=admin,dc=example,dc=com"Âwrite by * none
olcAccess: {1}to attrs=shadowLastChange by * read
olcAccess: {2}to dn.base="" by * read
olcAccess: {3}to * by self write by dn="cn=admin,dc=example,dc=com" write by * read
Here is the file I think I should use to accomplish this:
changetype: modify
delete: olcAccess
olcAccess: {1}
-
add: olcAccess
olcAccess: {1}to attrs=shadowLastChange by * read
-
delete: olcAccess
olcAccess: {2}
-
add: olcAccess
olcAccess: {2}to dn.base="" by * read
-
add: olcAccess
olcAccess: {3}to * by self write by dn="cn=admin,dc=example,dc=com" write by * read
And, of course, before I do this I will shutdown ldap, slapcat a backup, and restart. Does this look right?
thanks,
maria