From bd140d61b6b33023804ff6fe21c57fd022f4bfa7 Mon Sep 17 00:00:00 2001
From: Gilles Mouchet
Date: Wed, 1 Jan 2025 17:39:05 +0100
Subject: [PATCH] fixed change acl
---
 ldap-init.sh | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/ldap-init.sh b/ldap-init.sh
index 4713b25..c2b54a6 100755
--- a/ldap-init.sh
+++ b/ldap-init.sh
@@ -158,14 +158,13 @@ memberuid: sarah.mouchet
 EOF
 echo "change ACL"
-docker exec ldap /bin/bash -c 'ldapmodify -H ldapi:/// -Y EXTERNAL << EOF
+docker exec openldap /bin/bash -c 'ldapmodify -H ldapi:/// -Y EXTERNAL << EOF
 dn: olcDatabase={2}mdb,cn=config
 changetype: modify
 replace: olcAccess
 olcAccess: to attrs=userPassword
 by self write
 by anonymous auth
- by dn.base="cn=admin,$LDAP_ROOT" write
 by dn.base="cn=Admin LDAP,ou=people,$LDAP_ROOT" write
 by dn.base="cn=Access LDAP,ou=people,$LDAP_ROOT" read
 by anonymous auth
@@ -179,6 +178,15 @@ olcAccess: to *
 by * none
 EOF
 '
+docker exec openldap /bin/bash -c 'ldapmodify -H ldapi:/// -Y EXTERNAL << EOF
+dn: olcDatabase={1}monitor,cn=config
+changetype: modify
+add: olcAccess
+#replace: olcAccess
+olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=externalcn=auth" read
+ by dn.base="cn=Admin LDAP,ou=people,$LDAP_ROOT" read by * none
+EOF
+'
 #echo "Change organization name"
 #ldapmodify -H $LDAP_SRV -w $LDAP_ADMIN_PASSWORD -D $LDAP_ADMIN_DN << EOF
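Review bot: Removing `by dn.base="cn=admin,$LDAP_ROOT" write` from the userPassword rule only takes effect if that DN is not the database's `olcRootDN`, because slapd does not apply access rules to the rootdn; whether it is cannot be seen from this hunk. If the intent is to stop that account from writing passwords, say so in a comment above the `docker exec` line and confirm that the rootdn is a different entry. Neither this `ldapmodify` nor the one added in the next hunk has its exit status checked in the visible lines, so a rejected `replace` would leave the previous ACL in force without the script noticing; appending `|| exit 1` after the closing `'` would stop the run (unnecessary if the script already runs under `set -e`, which is not visible here). The heredoc opened on the changed line closes outside this hunk.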
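Review bot: The first `by` clause of the added `olcAccess` value is missing a comma: `cn=peercred,cn=externalcn=auth` should be `cn=peercred,cn=external,cn=auth`, the identity slapd assigns to root over `ldapi:///` with SASL EXTERNAL. As written that DN matches nobody, so root falls through to `by * none` and gets no read access to the monitor database from this rule; the line should read `olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read`. `add: olcAccess` with `{0}` also inserts another copy of the rule every time the init script is run, so use `replace: olcAccess` if this is meant to be the only rule on that database, and delete the commented-out `#replace` line either way. `$LDAP_ROOT` sits inside the single-quoted `bash -c` argument, so it is expanded by the shell in the container and not by this script; a one-line comment above the command saying so would spare the next reader the question.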