Hello,
I need a little advice on setting the right access rules via a rather primitive olcAccess statement;
somehow it does not work as I hoped. I just need a simple "bind" user allowed to perform
typical searches in the current tree. And at the same time I need to allow any authenticated user
to see his/her own data.
That's what I have:
-----------------------------
olcAccess: {0}to attrs=userPassword
  by self write
  by dn.base="cn=Manager,dc=example,dc=com" write
  by anonymous auth
  by * none
olcAccess: {1}to *
  by self read
  by dn.base="cn=Manager,dc=example,dc=com" write
  by dn="uid=userbind,ou=Users,dc=example,dc=com" read
------------------
With these settings, I can do authenticated searches as dn="uid=userbind,ou=Users,dc=example,dc=com",
with a filter "uid=someusername". But the weird thing is that other authenticated but non-privileged users cannot
access their own data. I thought that "to * by self read" should do the trick, but somehow this does not work.
Thanks in advance for any comments!
Andy.
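
Added example, not part of the original post and not OpenLDAP code: a simplified Python model of how slapd evaluates the two rules above (first matching `to` clause, then first matching `by` clause, with an implicit `by * none`), including the search operation's requirement for search access to the `entry` pseudo-attribute of the search base. The sample directory, `uid=alice` and all helper names are constructed; the post does not say which search base the non-privileged users used, so both cases are modelled.

```python
# Simplified model of slapd ACL evaluation (illustrative; DN matching is plain string equality).
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]
MANAGER = "cn=Manager,dc=example,dc=com"
BINDUSER = "uid=userbind,ou=Users,dc=example,dc=com"

# The two rules from the post: (attrs, or None for "to *", [(who, level), ...]).
ACL = [
    ({"userPassword"}, [("self", "write"), (MANAGER, "write"),
                        ("anonymous", "auth"), ("*", "none")]),
    (None, [("self", "read"), (MANAGER, "write"), (BINDUSER, "read")]),
]

def who_matches(who, bound_dn, target_dn):
    if who in ("*", "anonymous"):
        return who == "*" or bound_dn is None
    if who == "self":
        return bound_dn is not None and bound_dn == target_dn
    return bound_dn == who  # exact DN match

def granted(bound_dn, target_dn, attr):
    """Level from the first rule whose <what> matches, then its first matching <who>."""
    for attrs, clauses in ACL:
        if attrs is None or attr in attrs:
            for who, level in clauses:
                if who_matches(who, bound_dn, target_dn):
                    return level
            return "none"  # implicit trailing "by * none"
    return "none"  # implicit trailing "access to * by * none"

def allows(bound_dn, target_dn, attr, need):
    return LEVELS.index(granted(bound_dn, target_dn, attr)) >= LEVELS.index(need)

def search(bound_dn, base, entries, filter_attr, filter_value):
    """Subtree search: returns matching DNs, or None if the base is not searchable."""
    if not allows(bound_dn, base, "entry", "search"):
        return None  # OpenLDAP 2.4: search needs =s on the base's "entry" pseudo-attribute
    hits = []
    for dn, attrs in entries.items():
        in_scope = dn == base or dn.endswith("," + base)
        if (in_scope and allows(bound_dn, dn, filter_attr, "search")
                and attrs.get(filter_attr) == filter_value
                and allows(bound_dn, dn, "entry", "read")):
            hits.append(dn)
    return hits

# Constructed sample directory.
ALICE = "uid=alice,ou=Users,dc=example,dc=com"
DIT = {"dc=example,dc=com": {}, "ou=Users,dc=example,dc=com": {},
       ALICE: {"uid": "alice"}, BINDUSER: {"uid": "userbind"}}
```

In this model `search(ALICE, ALICE, DIT, "uid", "alice")` returns the user's own entry, while the same search rooted at `dc=example,dc=com` is refused at the base because `by self` only matches when the target entry is the bound user's own DN.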