@Nathan: yes, rereading the slapd.access manpage I think you're right, the first match will define level of access:
<<Access control checking stops at the first match of the <what> and <who> clause, unless otherwise dictated by the <control> clause.>> Also, given that: <<Each <who> clause list is implicitly terminated by a "by * none stop" clause that results in stopping the access control with no access privileges granted>> I think the right way is to completely replace the existing olcAccess: {0} line by olcAccess: {0}to * by dn.exact=cn=localroot,cn=config manage break and remove the new olcAccess: {1} line. I'll file a new bug about this. -- slapd package configuration aborts due to "ordered_value_sort failed on attr olcAccess" error during Hardy -> Lucid upgrade https://bugs.launchpad.net/bugs/538516 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs