Reputation: 11
I can't figure out why ldapmodify won't accept my grantuserall2.ldif. I want to achieve that ou=service,uid=dovecot can read userPassword. Unfortunately ldapmodify won't even accept a simple acl :D I am stuck with the error:
ldapmodify -h localhost -p 389 -D "cn=admin,dc=example,dc=com" -w ****** -f /etc/ldap/grantuserall2.ldif
modifying entry "olcDatabase{1}hdb,cn=config"
ldap_modify: Invalid DN syntax (34)
additional info: invalid DN
grantuserall2.ldif:
dn: olcDatabase{1}hdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {3}to *
  by self write
  by users read
  by * none
ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -w ****** olcDatabase={1}hdb
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=example,dc=com
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymous auth by dn="cn=admin,dc=example,dc=com" write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by self write by dn="cn=admin,dc=example,dc=com" write by * read
olcLastMod: TRUE
olcRootDN: cn=admin,dc=example,dc=com
olcRootPW: {SSHA}***********************************
olcDbCheckpoint: 512 30
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcDbIndex: uid pres,eq
olcDbIndex: cn,sn,mail pres,eq,approx,sub
olcDbIndex: objectClass eq
My DIT is similar to this: https://i.sstatic.net/GcAPL.png
I would appreciate any help. Good night ^^
Upvotes: 1
Views: 2503
Reputation: 41
The solution is to have an = in the dn selection.
For example instead of:
grantuserall2.ldif:
dn: olcDatabase{1}hdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {3}to *
  by self write
  by users read
  by * none
do:
grantuserall2.ldif:
dn: olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {3}to *
  by self write
  by users read
  by * none
Upvotes: 3
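Added here as an example, not code from the question or the answer: a pre-flight check for LDIF changesets like the one above. It unfolds continuation lines, validates every dn: as a sequence of attr=value RDNs (the missing = is exactly what slapd rejects with "Invalid DN syntax (34)"), and lists the values a replace: supplies, because replace overwrites every existing value of that attribute, so the corrected changeset would leave only the {3} rule and drop {0} to {2} unless they are repeated in the file. The two sample changesets are constructed from the question.

```python
import re

# Constructed sample: the changeset from the question, DN missing its "=" (two-space
# continuation lines keep the space between "*" and "by" once the fold marker is removed).
BAD_LDIF = """dn: olcDatabase{1}hdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {3}to *
  by self write
  by users read
  by * none
"""
GOOD_LDIF = BAD_LDIF.replace("olcDatabase{1}hdb", "olcDatabase={1}hdb")

# One RDN: attribute type (name or dotted OID), "=", non-empty value.
RDN_RE = re.compile(r"^([A-Za-z][A-Za-z0-9-]*|\d+(\.\d+)*)=.+$")


def unfold(ldif: str) -> list[str]:
    """Join LDIF continuation lines: a leading space marks a continuation."""
    lines: list[str] = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def dn_errors(dn: str) -> list[str]:
    """RDNs that are not attr=value; an empty list means slapd will accept the DN."""
    rdns = [r.strip() for r in re.split(r"(?<!\\),", dn)]  # split on unescaped commas
    return [r for r in rdns if not RDN_RE.match(r)]


def check_ldif(ldif: str) -> dict[str, list[str]]:
    """Map every dn: in the file to its malformed RDNs (the cause of 'Invalid DN syntax (34)')."""
    return {line[3:].strip(): dn_errors(line[3:].strip())
            for line in unfold(ldif) if line.startswith("dn:")}


def replace_values(ldif: str, attr: str) -> list[str]:
    """Values a 'replace: attr' supplies; the server keeps only these and drops all existing ones."""
    values, active = [], False
    for line in unfold(ldif):
        if line.startswith("replace:"):
            active = line.split(":", 1)[1].strip().lower() == attr.lower()
        elif line == "-":
            active = False
        elif active and line.lower().startswith(attr.lower() + ":"):
            values.append(line.split(":", 1)[1].strip())
    return values
```

Run check_ldif on a changeset before handing it to ldapmodify; if replace_values returns a single olcAccess entry where the database already has several, use add: olcAccess or list every rule in the replace.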