This is all done and working. In the end, the changes I needed were:
dn: cn=config
changetype: modify
replace: nsslapd-allow-anonymous-access
nsslapd-allow-anonymous-access: rootdse
dn: dc=example,dc=com
changetype: modify
delete: aci
aci: (targetattr!="userPassword || aci")(version 3.0; acl "Enable
anonymous access"; allow (read, search, compare) userdn="ldap:///anyone";;)
dn: dc=example,dc=com
changetype: modify
add: aci
aci:
(target="ldap:///($dn),dc=example,dc=com")(targetattr!="userPassword ||
aci")(version 3.0;acl "aci";allow (read,search)
userdn="ldap:///cn=*,[$dn],dc=example,dc=com";;)
This page was also useful:
https://access.redhat.com/documentation/en-us/red_hat_directory_server/9.0/html/administration_guide/managing_access_control-advanced_access_control_using_macro_acis
Many thanks to Olivier Judith, Mark Raynolds, and Ludwig Krispenz for
their help!
--
Alistair Cunningham
+1 888 468 3111
+44 20 799 39 799
https://enswitch.com/
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
