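# Access-control list for the main database, applied as one LDIF change record.
#
# slapd evaluates the olcAccess values in the order listed: the first "to"
# clause that matches the target is used, and within it the first matching
# "by" clause decides the access. "by * break" hands everyone else on to the
# next rule, so the order below is security-relevant. Review any reordering
# or insertion as an access-control change.
#
#   1. Local root over ldapi:// with SASL EXTERNAL (peercred uid 0 / gid 0)
#      gets "manage" on everything.
#   2. cn=admin under the base DN gets "manage" on everything.
#   3. Any bound user listed in "member" of cn=ldap_admin,ou=groups gets
#      "write" on everything. That includes other users' userPassword and
#      the group's own member list, so membership in this group is
#      effectively full write access to the database. Audit changes to it.
#   4. userPassword and shadowLastChange: the owner may write but not read
#      them ("=w"), anonymous may only use them to authenticate, and
#      everyone else gets nothing. Because this rule ends in "by * none",
#      the read-only account in rule 5 never sees password hashes.
#      NOTE(review): self-write on shadowLastChange lets a user reset their
#      own password-age timestamp. Confirm this is acceptable if shadow
#      expiry is enforced from this attribute.
#   5. Everything else: users read their own entry, the read-only service
#      account reads all entries, and all others (including anonymous) get
#      no access.
#
# "replace" swaps the whole olcAccess value set in a single operation and
# also succeeds when the attribute is currently absent, whereas a
# delete-then-add sequence is rejected in that case. The dn clauses state
# the "exact" style explicitly, matching rule 1, so the match type does not
# depend on a parser default.
#
# The base DN and read-only username placeholders are substituted as plain
# text inside quoted DNs before this file is loaded. Validate those values
# (no double quotes or line breaks) so that a malformed setting cannot
# change the meaning of a rule.
dn: olcDatabase={1}{{ LDAP_BACKEND }},cn=config
changetype: modify
replace: olcAccess
olcAccess: to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
olcAccess: to * by dn.exact="cn=admin,{{ LDAP_BASE_DN }}" manage by * break
olcAccess: to * by set.expand="([cn=ldap_admin,ou=groups,{{ LDAP_BASE_DN }}])/member & user" write by * break
olcAccess: to attrs=userPassword,shadowLastChange by self =w by anonymous auth by * none
olcAccess: to * by self read by dn.exact="cn={{ LDAP_READONLY_USER_USERNAME }},{{ LDAP_BASE_DN }}" read by * none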