Thanks. One more related question: are special rules needed for the config information, like an ACL just for cn=config so the ldapadmins can make changes w/o needing a rootDN?
You can certainly add an olcAccess rule to the cn=config db that allows DNs from outside of cn=config to make modifications.
--Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>