I read the man page, but I guess I understood that the first rule only matched everything as far as "what" to access. I thought it went what, who, permissions. My intent was to enable both of these to work. Access to all dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage and access to all dn.base="cn=Manager,dc=local,dc=bob,dc=com" to manage as well.
Then it is a single ACL:

olcAccess: {0} to *
  by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
  by dn="cn=Manager,dc=local,dc=bob,dc=com" manage
--Quanah

--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
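
Added example, not part of the original thread and not OpenLDAP code: a simplified Python model of how slapd picks an ACL, showing why two separate "to *" rules leave the Manager DN with no access while the single merged ACL grants manage to both identities. It assumes only "to *" targets, exact-DN "by" clauses and the default stop control; the function names and the split_acls/merged_acls structures are hypothetical.

```python
# Simplified model of slapd access evaluation (added example, not OpenLDAP code).
# Assumptions: only "to *" targets, exact-DN "by" clauses, default "stop" control.
ROOT = "gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
MANAGER = "cn=Manager,dc=local,dc=bob,dc=com"

def normalize(dn):
    # Simplification: lowercase and strip whitespace around commas.
    return ",".join(part.strip().lower() for part in dn.split(","))

def what_matches(what, target_dn):
    # This model only understands the "*" target used in the thread.
    if what != "*":
        raise ValueError("model only supports 'to *'")
    return True

def evaluate(acls, bind_dn, target_dn="dc=local,dc=bob,dc=com"):
    """Return the access level granted to bind_dn under this simplified model."""
    for what, by_clauses in acls:
        if not what_matches(what, target_dn):
            continue
        # The first ACL whose <what> matches is the only one consulted.
        for who, level in by_clauses:
            if who == "*" or normalize(who) == normalize(bind_dn):
                return level
        return "none"  # implicit trailing "by * none" on every ACL
    return "none"  # ACLs exist but none matched the target

# Two separate rules, as originally intended (constructed from the thread's DNs).
split_acls = [
    ("*", [(ROOT, "manage")]),
    ("*", [(MANAGER, "manage")]),
]
# The single merged ACL from the reply.
merged_acls = [("*", [(ROOT, "manage"), (MANAGER, "manage")])]

if __name__ == "__main__":
    other = "cn=someone,dc=local,dc=bob,dc=com"  # constructed test identity
    for name, acls in (("split", split_acls), ("merged", merged_acls)):
        for who in (ROOT, MANAGER, other):
            print(f"{name:6} {who:60} -> {evaluate(acls, who)}")
```

On a live server, slapacl(8) can be used to check the effective access for a given bind DN against the real configuration.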