######################### To modify openldap ACL######################### de

1. ########################
2. # To modify openldap ACL
3. ########################
4.  
5. # delete the existing ACL
6.  
7. # delete-acl.ldif
8. dn: olcDatabase={1}hdb,cn=config
9. changetype: modify
10. delete: olcAccess
11. olcAccess: {0}
12. olcAccess: {1}
13.  
14. # Add ACL for
15. # 'userPassword' write access to 'admin' and 'itadmin'
16. # read access to anonymous
17. # write access to self
18.  
19. # add-acl.ldif
20. dn: olcDatabase={1}hdb,cn=config
21. changetype: modify
22. add: olcAccess
23. olcAccess: to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=example,dc=in" write by dn="uid=itadmin,ou=people,dc=example,dc=in" write by anonymous auth by self write by * none
24. olcAccess: to dn.base="" by * read
25. olcAccess: to * by self write by dn="cn=admin,dc=example,dc=in" write by * read
26.  
27.  
28. # To add acl use ldapmodify cmd in shell prompt
29. $ HOST=cit_openldap
30. $ CFGPASS=configpass
31. $ ldapmodify -x -h $HOST -D "cn=admin,cn=config" -w $CFGPASS -f /tmp/dacl.ldif