From 859e6c7f872535c787c9056d20c40f197dd9abf8 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico
Date: Thu, 1 Mar 2018 14:48:01 +0100
Subject: [PATCH] Fix the variable that sets the base DN. Add entries to set the main ACLs
---
 openldap-server/templates/base-dn.ldif.j2 | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/openldap-server/templates/base-dn.ldif.j2 b/openldap-server/templates/base-dn.ldif.j2
index 8ef02fe3..cbf5dcf4 100644
--- a/openldap-server/templates/base-dn.ldif.j2
+++ b/openldap-server/templates/base-dn.ldif.j2
@@ -7,3 +7,18 @@ dn: olcDatabase={1}hdb,cn=config
 changetype: modify
 replace: olcRootDN
 olcRootDN: cn={{ openldap_admin_user }},{{ openldap_base_dn }}
+
+dn: olcDatabase={1}hdb,cn=config
+changetype: modify
+replace: olcAccess
+olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymous auth by dn="cn={{ openldap_admin_user }},{{ openldap_base_dn }}" write by * none
+
+dn: olcDatabase={1}hdb,cn=config
+changetype: modify
+replace: olcAccess
+olcAccess: {1}to dn.base="" by * read
+
+dn: olcDatabase={1}hdb,cn=config
+changetype: modify
+replace: olcAccess
+olcAccess: {2}to * by dn="cn={{ openldap_admin_user }},{{ openldap_base_dn }}" write by * read
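Review bot: The three added stanzas each use `replace: olcAccess` on the same entry `olcDatabase={1}hdb,cn=config`, and an LDIF replace discards every existing value of the attribute, so once the file is applied only the last rule (`to * ... by * read`) remains. That leaves `userPassword` and `shadowLastChange` readable by any client, including anonymous binds, which is the opposite of what rule `{0}` intends. Merge them into one change record: a single `replace: olcAccess` followed by the three `olcAccess:` values `{0}`, `{1}` and `{2}`, so the password rule is evaluated before the catch-all. Separately, if anonymous browsing of the tree is not intended, the catch-all in `{2}` could end in `by users read` instead of `by * read`.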