
ACL problems with various groups in the by <who> section



Hello. I'm running Solaris 2.6 with openldap-1.2.9. I'm attempting to
introduce a new group into the ACL without success. Here's the configuration
I'm going for:

access to *
 by group="cn=Foo,ou=web,ou=groups,o=Tivoli Systems" write
 by group="cn=OrgChart Admins,ou=web,ou=groups,o=Tivoli Systems" write

Access for group OrgChart Admins is granted, but those on group Foo get the
response of "Insufficient Privileges." As far as I can see, it should work
just dandy. Here's Foo's and OrgChart Admins's records:

cn=OrgChart Admins,ou=web,ou=groups,o=Tivoli Systems
cn=OrgChart Admins
ou=web
ou=groups
o=Tivoli Systems
objectclass=tivoliGroup
objectclass=groupOfNames
member=uid=jbodnar,ou=internal,ou=people,o=Tivoli Systems
member=uid=mhogan,ou=internal,ou=people,o=Tivoli Systems
member=uid=aashwort,ou=internal,ou=people,o=Tivoli Systems
member=uid=eloliver,ou=internal,ou=people,o=Tivoli Systems
creatorsname=cn=root, o=Tivoli Systems
createtimestamp=20000510205814Z
modifytimestamp=20000522210549Z
modifiersname=uid=cgilmore, ou=internal, ou=people, o=Tivoli Systems
owner=uid=cgilmore, ou=internal, ou=people, o=Tivoli Systems

cn=Foo,ou=web,ou=groups,o=Tivoli Systems
cn=Foo
ou=web
ou=groups
o=Tivoli Systems
objectclass=tivoliGroup
objectclass=groupOfNames
member=uid=cgilmore, ou=internal, ou=people, o=Tivoli Systems
creatorsname=uid=cgilmore, ou=internal, ou=people, o=Tivoli Systems
modifiersname=uid=cgilmore, ou=internal, ou=people, o=Tivoli Systems
createtimestamp=20000605202702Z
modifytimestamp=20000605202702Z

Any ideas?

Regards,
Christian

-----------------
Christian Gilmore
Web Application Developer
Web & Multimedia Development
Tivoli Systems, Inc.