0

I want to modify some rights in my LDAP database, so I noticed that slapd.conf is no more. What I wanted to do is to add the following lines to slapd.conf:

access to dn.subtree="ou=contacts,dc=example,dc=org"
        by self write
        by dn="cn=addressbookuser,ou=people,dc=example,dc=org" write
        by * break

How would I do this with the new method?

Max Muster

2 Answers

2

@lsd is correct on the documentation.

I will add an example to maybe give you a jump-start.

echo "dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcAccess
olcAccess: to dn.subtree=\"ou=contacts,dc=example,dc=org\"
  by self write
  by dn=\"cn=addressbookuser,ou=people,dc=example,dc=org\" write
  by * break
" | ldapmodify -H ldapi:/// -Y external

You can also save the LDIF to a file and use -f <file> instead of piping from stdin and avoid having to escape the "s.

virullius
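An added example, not part of either answer: the same change written to an LDIF file for `-f`, with the folded `olcAccess` value unfolded so you can read the exact rule slapd will store before applying it. The function names and the `{0}` position are assumptions. slapd stops at the first `to` clause that matches an entry, so a rule appended after an existing broad rule such as `to *` would never be reached, which is why the example inserts at an explicit index.

```shell
#!/bin/sh
# Database DN as used in the answer above; confirm it on your server with list_acls.
DB_DN='olcDatabase={1}mdb,cn=config'

# Emit the LDIF. $1 = position in the ordered olcAccess list ({0} is evaluated first).
make_acl_ldif() {
    cat <<EOF
dn: $DB_DN
changetype: modify
add: olcAccess
olcAccess: {$1}to dn.subtree="ou=contacts,dc=example,dc=org"
  by self write
  by dn="cn=addressbookuser,ou=people,dc=example,dc=org" write
  by * break
EOF
}

# Join LDIF continuation lines: a line starting with one space continues the
# previous line, and only that first space is dropped (hence the two-space indent).
unfold_ldif() {
    awk '
        /^ / { buf = buf substr($0, 2); next }
        { if (NR > 1) print buf; buf = $0 }
        END { if (NR > 0) print buf }
    '
}

# Show the current ordered ACLs of each database (run as root on the LDAP host).
list_acls() {
    ldapsearch -Q -LLL -H ldapi:/// -Y EXTERNAL -b cn=config '(olcAccess=*)' dn olcAccess
}

# Apply an LDIF file to the dynamic configuration. $1 = path to the file.
apply_acl() {
    ldapmodify -Q -H ldapi:/// -Y EXTERNAL -f "$1"
}

# Offline part: write the file and print the rule as a single line for review.
ldif_file=$(mktemp)
make_acl_ldif 0 > "$ldif_file"
unfold_ldif < "$ldif_file" | grep '^olcAccess:'
echo "LDIF written to $ldif_file"
# On the server: list_acls; apply_acl "$ldif_file"; list_acls
```

Running `list_acls` before and after shows the renumbered `{N}` prefixes, which confirms where the new rule landed relative to the existing ones.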
1

You probably have dynamic configuration set up. Look at section 8.3 of https://www.openldap.org/doc/admin24/access-control.html

I've never done it myself (I switched to FreeIPA before OpenLDAP 2.4), but you basically have to create an LDIF file with the specific ACLs you want, then edit the dynamic config with the ldap commands (section 8.3.5 has some examples).

lsd