Anonymous Bind ACL Problems
- To: openldap-technical@openldap.org
- Subject: Anonymous Bind ACL Problems
- From: Dark Morford <darkmorford+ldap@gmail.com>
- Date: Fri, 5 Apr 2013 12:46:34 -0700
I'm setting up my first LDAP server; just using it as an auth provider
for Apache until I'm more comfortable with things. I was able to get it
up and running with a few user entries, but I can't get anonymous
searching to work the way I want.
It's configured (cn=config) style, and the ACLs are:
{0}to attrs=uid by anonymous read by users read
{1}to attrs=userPassword by anonymous auth by self write
{2}to * by users read
Searching for a user as the rootDN works fine:
shawn@aquamarine:~$ ldapsearch -x -D 'cn=Manager,dc=darkmorford,dc=net' -W -b 'dc=darkmorford,dc=net' '(uid=smorford)' uid
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=darkmorford,dc=net> with scope subtree
# filter: (uid=smorford)
# requesting: uid
#
# smorford, Users, darkmorford.net
dn: uid=smorford,ou=Users,dc=darkmorford,dc=net
uid: smorford
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
But doing the same search anonymously can't find the user:
shawn@aquamarine:~$ ldapsearch -x -b 'dc=darkmorford,dc=net' '(uid=smorford)' uid
# extended LDIF
#
# LDAPv3
# base <dc=darkmorford,dc=net> with scope subtree
# filter: (uid=smorford)
# requesting: uid
#
# search result
search: 2
result: 32 No such object
# numResponses: 1
I have to assume that something in the ACL is blocking the anonymous
search. How do I fix this?
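Editor's note (added example, not part of the original post): the mechanism behind this is that slapd will only locate or return an entry when the requester has at least disclose access to that entry's "entry" pseudo-attribute, and filter evaluation needs search access to the attributes in the filter. In the rules quoted above, anonymous gets read on uid (which implies search, so the filter itself is fine), but nothing ever grants anonymous access to "entry": rule {2} applies only to authenticated users, and the implicit trailing "by * none" then denies the search base itself, which is why the anonymous search reports result 32 (No such object) rather than an empty result. The cn=config LDIF below grants anonymous exactly what the described use case needs: the "entry" and "uid" attributes under ou=Users plus the "entry" attribute of the search base, with nothing else disclosed. The database DN olcDatabase={1}mdb,cn=config is an assumption; substitute the real olcDatabase entry before applying it with, for example, ldapmodify -Y EXTERNAL -H ldapi:/// -f acl.ldif.

```ldif
# Added example (not from the original post). Replaces the olcAccess rules
# on the database. The database DN is assumed; check with
#   ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config olcDatabase
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
# {0}: let anonymous discover user entries (the "entry" pseudo-attribute)
# and read/search their uid, but only inside ou=Users. "by users read" is
# kept so authenticated users are not cut off by this earlier-matching rule.
olcAccess: {0}to dn.subtree="ou=Users,dc=darkmorford,dc=net" attrs=entry,uid
  by anonymous read
  by users read
# {1}: the search base itself must be disclosable to anonymous, otherwise a
# subtree search from it is answered with noSuchObject (result 32).
olcAccess: {1}to dn.base="dc=darkmorford,dc=net" attrs=entry
  by anonymous read
  by users read
# {2}: unchanged from the original post; "auth" permits bind comparison only.
olcAccess: {2}to attrs=userPassword
  by anonymous auth
  by self write
# {3}: unchanged from the original post; everything else stays invisible to
# anonymous clients because of the implicit trailing "by * none".
olcAccess: {3}to *
  by users read
```

The continuation lines starting with a single space are LDIF line folding and are joined into one olcAccess value. Scoping rule {0} to ou=Users rather than writing "to attrs=entry by anonymous read" keeps anonymous clients from enumerating the DNs of every other entry in the directory; the only information an unauthenticated client can obtain is the existence of the base entry and the uid of entries under ou=Users, which is the minimum an Apache authentication lookup needs.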