# [solved] ldap - ACL issues

## bunder

setting up my ldap again.  hoping i don't get snagged by the 2hour boot "bug"   :Laughing: 

reason i'm posting is that the acl in the "old" guide to openldap authentication doesn't seem to work anymore.

here's the acl for those who don't know what it looked like:

```
access to *
  by dn="uid=root,ou=people,dc=genfic,dc=com" write
  by users read
  by anonymous auth

access to attrs=userPassword,gecos,description,loginShell
  by self write
```

does this still look right, or is there a better one i could use?

----------

## bunder

i tried turning up logging...

```
<= acl_mask: [3] applying auth(=xd) (stop)
<= acl_mask: [3] mask: auth(=xd)
=> slap_access_allowed: search access denied by auth(=xd)
=> access_allowed: no more rules
```

is what i get when i try logging in with an ldap user.

----------

## bunder

bump.

nobody has a working ACL that i could use?

----------

## bunder

solved - this is my acl - and it works.

```
access to attrs=userPassword
            by self write
            by anonymous auth
            by dn="uid=root,ou=people,dc=xxxxx,dc=com" write
            by * none

access to *
            by self write
            by dn="uid=root,ou=people,dc=xxxxx,dc=com" write
            by * read
```

----------
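Added example, not part of the original posts and not OpenLDAP code: a simplified Python model of slapd's first-match ACL evaluation, run over the two ACLs from this thread to show which rule and `by` clause decides each request. The DNs under `dc=example,dc=com`, the function names and the exact-string DN comparison are assumptions made for the illustration.

```python
# Simplified model of slapd ACL matching: first matching "access to" rule,
# then first matching "by" clause, with an implicit trailing "by * none".
# Assumptions: exact-string DN comparison, no regex/filter/control keywords.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]
ROOT = "uid=root,ou=people,dc=example,dc=com"  # constructed placeholder DN

# The two ACLs from the thread, transcribed as (what, [(who, level), ...]).
OLD_ACL = [
    ("*", [(ROOT, "write"), ("users", "read"), ("anonymous", "auth")]),
    (("userPassword", "gecos", "description", "loginShell"), [("self", "write")]),
]
NEW_ACL = [
    (("userPassword",), [("self", "write"), ("anonymous", "auth"),
                         (ROOT, "write"), ("*", "none")]),
    ("*", [("self", "write"), (ROOT, "write"), ("*", "read")]),
]

def who_matches(who, bind_dn, entry_dn):
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if who == "users":
        return bind_dn is not None
    if who == "self":
        return bind_dn is not None and bind_dn == entry_dn
    return bind_dn == who  # anything else is treated as a literal DN

def granted(acl, bind_dn, entry_dn, attr):
    """Return (level, rule_no, clause_no); clause_no 0 means implicit 'by * none'."""
    for rule_no, (what, clauses) in enumerate(acl, 1):
        if what != "*" and attr not in what:
            continue
        for clause_no, (who, level) in enumerate(clauses, 1):
            if who_matches(who, bind_dn, entry_dn):
                return level, rule_no, clause_no
        return "none", rule_no, 0  # matched the rule, but no "by" clause applied
    return "none", 0, 0  # no rule matched at all

def allowed(acl, bind_dn, entry_dn, attr, need):
    level = granted(acl, bind_dn, entry_dn, attr)[0]
    return LEVELS.index(level) >= LEVELS.index(need)

if __name__ == "__main__":
    alice = "uid=alice,ou=people,dc=example,dc=com"  # constructed user DN
    for name, acl in (("old", OLD_ACL), ("new", NEW_ACL)):
        print(name, "anonymous search uid:", granted(acl, None, alice, "uid"))
        print(name, "self write userPassword:", granted(acl, alice, alice, "userPassword"))
```

Under the old ACL an anonymous search stops at rule 1, clause 3 with `auth`, consistent with the `[3] applying auth(=xd)` line in the log, and the `by self write` rule is never reached because `access to *` matches first. Under the new ACL `by * read` also covers anonymous binds, so every attribute except `userPassword` is readable without authentication.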

