Utils

cn=config

Historically, OpenLDAP was statically configured: to change the configuration, the slapd.conf file was edited and slapd was stopped and started. For larger users this could take a considerable period of time and had become increasingly unacceptable as an operational method.

Typically in your OpenLDAP installation you have at least two trees:

ACL

https://www.openldap.org/doc/admin24/access-control.html

Order matters in ACL rules. slapd evaluates the olcAccess values in index order ({0}, {1}, ...) and stops at the first match, so new ACL entries should be inserted before the default ones.

Default entries:

olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by dn="cn=admin,dc=example,dc=org" write by anonymous auth by * none
olcAccess: {1}to * by self read by dn="cn=admin,dc=example,dc=org" write by * none
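
Added example (not part of the original page): a small Python check that shows why a rule appended after the default "to *" entry is never reached, and that builds the ldapmodify LDIF to insert it before that entry instead. The database DN olcDatabase={1}mdb,cn=config, the service account and the subtree are assumptions made up for illustration.

```python
import re

# Default rules from the page; the {n} prefix is the evaluation order.
DEFAULT_ACL = [
    '{0}to attrs=userPassword,shadowLastChange by self write '
    'by dn="cn=admin,dc=example,dc=org" write by anonymous auth by * none',
    '{1}to * by self read by dn="cn=admin,dc=example,dc=org" write by * none',
]
RULE_RE = re.compile(r'^\{(\d+)\}to\s+(.+?)\s+by\s+(.+)$', re.S)

def parse(values):
    """Return [(index, what, by_clauses)] sorted by the {n} index."""
    rules = []
    for value in values:
        m = RULE_RE.match(value.strip())
        if m is None:
            raise ValueError(f"not an indexed olcAccess value: {value!r}")
        rules.append((int(m.group(1)), m.group(2), m.group(3)))
    return sorted(rules)

def first_catch_all(values):
    """Index of the first 'to *' rule, or None if there is none."""
    return next((i for i, what, _ in parse(values) if what == '*'), None)

def shadowed(values):
    """Indexes placed after a 'to *' rule. That rule matches every entry and
    attribute, so later rules are reached only through a 'break' control."""
    stop = first_catch_all(values)
    return [] if stop is None else [i for i, _, _ in parse(values) if i > stop]

def insert_ldif(values, db_dn, what, by):
    """LDIF for ldapmodify that inserts a rule just before the catch-all.
    Adding a value with an explicit {n} shifts the existing rules down; rules
    ahead of the catch-all (here the userPassword rule) keep their priority."""
    stop = first_catch_all(values)
    idx = len(values) if stop is None else stop
    return (f"dn: {db_dn}\nchangetype: modify\nadd: olcAccess\n"
            f"olcAccess: {{{idx}}}to {what} {by}\n")

if __name__ == "__main__":
    # Constructed service account and subtree, for illustration only.
    what = 'dn.subtree="ou=people,dc=example,dc=org"'
    by = ('by dn.exact="cn=svc-reader,ou=services,dc=example,dc=org" read '
          'by * break')  # everyone else falls through to the default rules
    print("shadowed if appended:", shadowed(DEFAULT_ACL + [f"{{2}}to {what} {by}"]))
    # Assumed database DN; check yours with ldapsearch on cn=config.
    print(insert_ldif(DEFAULT_ACL, "olcDatabase={1}mdb,cn=config", what, by))
```

The trailing "by * break" matters: without it, every other identity that reaches the new rule gets the implicit "by * none" and loses the access the default rules would have granted.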

Giving user: uid=nextcloudsystemuser,ou=it,dc=grinn-global,dc=com rights:

Examples

olcAccess: {1}to dn.base="" by * read