How to give write permissions to the LDAP user?

A fresh Ubuntu server with a fresh slapd. The user base is used by external applications like mail and so on. How does the administrator create a user who will be able to write and edit specific branches? Or promote an existing user to these rights. Thank you
March 19th 20 at 08:45
2 answers
March 19th 20 at 08:47
I remember, back when we had OpenLDAP instead of AD, I needed to create a user who could read the whole directory and pull a list of users. The idea is something like this:
See current admin rights:
ldapsearch -xZZLLLWD cn=admin,dc=example,dc=com -b olcDatabase={1}mdb,cn=config olcAccess

We need to do about the same.
Create an LDIF file with approximately this content (continuation lines of a value must start with a space):
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to dn.sub="dc=example,dc=com"
  by self write
  by anonymous auth

And load it into LDAP:
ldapmodify -xZZWD cn=admin,dc=example,dc=com -f file.ldif

You need to do something like that, but for editing specific branches together with their sub-entries; you can read more here:
www.openldap.org/doc/admin24/access-control.html
https://pro-ldap.ru/books/openldap-ubuntu-in-pract...

If possible, post the contents of your ldif; I think someone will need it as an example.
March 19th 20 at 08:49
I solved your question this way:
1) Obtain the rights for cn=config (as I understand it, this is the main admin) by replacing them
in an .ldif (create a file with the following contents)
dn: olcDatabase={0}config,cn=config
changetype: modify
replace: olcRootPW
# "vashparol" is a placeholder for your password; a hash produced by slappasswd can be used instead of cleartext
olcRootPW: vashparol
then sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f filename.ldif

2) Grant the rights from the outermost branches to the root branches.
ldapmodify -D cn=config -H ldapi:/// -W -f file.ldif
An example of the import format:
Anonymous can log in and read. These users can write to their own branches. The lower a user is in this list, the closer to the root the branches they have access to.
The access rules for each branch are written from the more specific to the more general.

# continuation lines of a value start with a single space and there must be no blank
# line inside the record; the original post mixed dc=de and dc=ru suffixes and missed a
# comma in the first subtree DN, unified here to dc=blabla,dc=ru
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: to dn.subtree="ou=Service veterinary,ou=Services committees and others,ou=addressbook,dc=blabla,dc=ru"
  by dn="cn=vet,ou=Service veterinary,ou=Services committees and others,ou=addressbook,dc=blabla,dc=ru" manage
  by anonymous read
  by * read
olcAccess: to dn.subtree="ou=Departments,ou=addressbook,dc=blabla,dc=ru"
  by dn="cn=editor,ou=development Department,ou=Departments,ou=addressbook,dc=blabla,dc=ru" manage
  by anonymous read
  by * read
olcAccess: to dn.subtree="ou=addressbook,dc=blabla,dc=ru"
  by dn="uid=myuser,ou=addressbook,dc=blabla,dc=ru" manage
  by anonymous read
  by * read
olcAccess: to *
  by self read
  by * read

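To check how slapd will actually evaluate a rule set like the one in this answer before loading it, here is an added Python example (not code from either answer) that models OpenLDAP's first-match evaluation for the `to dn.subtree`/`to *` and `by self|anonymous|dn=|*` forms used on this page; the rule text and entry DNs are constructed from the second answer, with its mixed dc=de/dc=ru suffixes unified to dc=blabla,dc=ru.

```python
import re
# Rules constructed from the second answer's olcAccess values (suffix unified
# to dc=blabla,dc=ru); one rule per line here instead of LDIF continuation lines.
RULES_TEXT = """\
to dn.subtree="ou=Departments,ou=addressbook,dc=blabla,dc=ru" by dn="cn=editor,ou=development Department,ou=Departments,ou=addressbook,dc=blabla,dc=ru" manage by anonymous read by * read
to dn.subtree="ou=addressbook,dc=blabla,dc=ru" by dn="uid=myuser,ou=addressbook,dc=blabla,dc=ru" manage by anonymous read by * read
to * by self read by * read
"""

def norm(dn):
    return ",".join(part.strip().lower() for part in dn.split(","))

def in_subtree(dn, base):
    dn, base = norm(dn), norm(base)
    return dn == base or dn.endswith("," + base)

def parse(text):
    """Parse the subset used on this page: 'to *' or 'to dn.subtree="..."',
    followed by 'by self|anonymous|*|dn="..." <level>' clauses."""
    rules = []
    for line in text.splitlines():
        m = re.match(r'to (\*|dn\.subtree="([^"]+)")\s+(.*)', line.strip())
        bys = re.findall(r'by (self|anonymous|\*|dn="[^"]+") (\w+)', m.group(3))
        rules.append((m.group(2), bys))   # target None means "*"
    return rules

def access(rules, bind_dn, target_dn):
    """Access level bind_dn (None = anonymous) gets on target_dn. slapd uses
    the first 'to' clause matching the target and, inside it, the first
    matching 'by' clause; an implicit 'by * none' ends every rule."""
    for target, bys in rules:
        if target is not None and not in_subtree(target_dn, target):
            continue
        for who, level in bys:
            if (who == "*"
                    or (who == "anonymous" and bind_dn is None)
                    or (who == "self" and bind_dn and norm(bind_dn) == norm(target_dn))
                    or (who.startswith('dn="') and bind_dn and norm(who[4:-1]) == norm(bind_dn))):
                return level
        return "none"
    return "none"

def shadowed(rules):
    """Indices of subtree rules that can never match because an earlier rule
    (a 'to *' or a wider subtree) already captures every entry they cover."""
    return [i for i, (t, _) in enumerate(rules) if t is not None
            and any(p is None or in_subtree(t, p) for p, _ in rules[:i])]

if __name__ == "__main__":
    rules = parse(RULES_TEXT)
    print(access(rules, "uid=myuser,ou=addressbook,dc=blabla,dc=ru", "cn=x,ou=Departments,ou=addressbook,dc=blabla,dc=ru"))
```

It shows that with these rules uid=myuser, despite `manage` on ou=addressbook, only gets `read` inside ou=Departments, because the more specific rule's `by * read` ends evaluation; repeating that user in the narrower rules (or the `break` control described in the linked access-control guide) changes this, and `shadowed()` flags subtree rules placed after a broader one.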