Diffstat (limited to 'confskel/openldap/ldif/olcDatabase.ldif')
-rw-r--r-- | confskel/openldap/ldif/olcDatabase.ldif | 23 |
1 files changed, 14 insertions, 9 deletions
diff --git a/confskel/openldap/ldif/olcDatabase.ldif b/confskel/openldap/ldif/olcDatabase.ldif
index 409051b..945ccce 100644
--- a/confskel/openldap/ldif/olcDatabase.ldif
+++ b/confskel/openldap/ldif/olcDatabase.ldif
@@ -4,15 +4,20 @@ objectClass: olcHdbConfig
 olcDatabase: {@@@LDIFSCHEMANUMBER@@@}hdb
 olcDbDirectory: /var/lib/ldap
 olcSuffix: @@@REALM_DCNAME@@@
-olcAccess: {0}to attrs=userPassword,shadowLastChange,krb5Key,krb5PrincipalName
- ,krb5KeyVersionNumber,krb5MaxLife,krb5MaxRenew,krb5KDCFlags by dn.base="uid=
- @@@ADMINUSER@@@,ou=users,ou=core,ou=realm,@@@REALM_DCNAME@@@" write by sock
- url.regex="^ldapi:///$" write by anonymous auth by self write by * none
-olcAccess: {1}to dn.base="" by * read
-olcAccess: {2}to * by dn.base="uid=@@@ADMINUSER@@@,ou=users,ou=core,ou=realm
- ,@@@REALM_DCNAME@@@" write by sockurl.regex="^ldapi:///$" write by dynacl/ac
- i write by group/groupOfNames/member.exact="cn=@@@ADMINGROUP@@@,ou=groups,ou
- =core,ou=realm,@@@REALM_DCNAME@@@" write
+olcAccess: {0}to attrs=userPassword,shadowLastChange,krb5Key,krb5PrincipalName,krb5KeyVersionNumber,krb5MaxLife,krb5MaxRenew,krb5KDCFlags
+ by group/groupOfNames/member.exact="cn=@@@ADMINGROUP@@@,ou=groups,ou=core,ou=realm,@@@REALM_DCNAME@@@" write
+ by dn.base="uid=@@@ADMINUSER@@@,ou=users,ou=core,ou=realm,@@@REALM_DCNAME@@@"
+ by sockurl.regex="^ldapi:///$" write
+ by anonymous auth
+ by self write
+ by * none
+olcAccess: {1}to dn.base=""
+ by * read
+olcAccess: {2}to *
+ by group/groupOfNames/member.exact="cn=@@@ADMINGROUP@@@,ou=groups,ou=core,ou=realm,@@@REALM_DCNAME@@@" write
+ by dn.base="uid=@@@ADMINUSER@@@,ou=users,ou=core,ou=realm,@@@REALM_DCNAME@@@" write
+ by sockurl.regex="^ldapi:///$" write
+ by dynacl/aci write
 olcAddContentAcl: FALSE
 olcLastMod: TRUE
 olcMaxDerefDepth: 15 |
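Review bot: In the new `{0}` rule the `by dn.base="uid=@@@ADMINUSER@@@,…"` clause has lost its access level: the removed rule ended that clause with `write`, and the new `{2}` rule still does. As far as I know slapd treats a `by` clause without a level as granting no additional privileges and stops evaluating there, so an admin user who is not also a member of `cn=@@@ADMINGROUP@@@` would be locked out of userPassword and the krb5 attributes; if that is not intended the line should read `by dn.base="uid=@@@ADMINUSER@@@,ou=users,ou=core,ou=realm,@@@REALM_DCNAME@@@" write`. This page collapses whitespace, so the indent of the new `by` lines cannot be checked here: LDIF unfolding consumes exactly one leading space, so each continuation needs two, otherwise `krb5KDCFlags` and `by` are joined into one token. The group clause added to `{0}` also gives every member of the admin group write access to password and Kerberos key attributes, which deserves a `#` comment in the skeleton confirming it is deliberate.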