[FIX] #402: grant root manage access to database
ldapmodify with ldapi:/// fails otherwise
diff --git a/image/service/slapd/assets/config/bootstrap/ldif/02-security.ldif b/image/service/slapd/assets/config/bootstrap/ldif/02-security.ldif
index 3a3a458..a04e686 100644
--- a/image/service/slapd/assets/config/bootstrap/ldif/02-security.ldif
+++ b/image/service/slapd/assets/config/bootstrap/ldif/02-security.ldif
@@ -3,5 +3,6 @@
delete: olcAccess
-
add: olcAccess
+olcAccess: to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
olcAccess: to attrs=userPassword,shadowLastChange by self write by dn="cn=admin,{{ LDAP_BASE_DN }}" write by anonymous auth by * none
olcAccess: to * by self read by dn="cn=admin,{{ LDAP_BASE_DN }}" write by * none
diff --git a/image/service/slapd/assets/config/bootstrap/ldif/readonly-user/readonly-user-acl.ldif b/image/service/slapd/assets/config/bootstrap/ldif/readonly-user/readonly-user-acl.ldif
index 56f7728..e5123e6 100644
--- a/image/service/slapd/assets/config/bootstrap/ldif/readonly-user/readonly-user-acl.ldif
+++ b/image/service/slapd/assets/config/bootstrap/ldif/readonly-user/readonly-user-acl.ldif
@@ -3,5 +3,6 @@
delete: olcAccess
-
add: olcAccess
+olcAccess: to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
olcAccess: to attrs=userPassword,shadowLastChange by self write by dn="cn=admin,{{ LDAP_BASE_DN }}" write by anonymous auth by * none
olcAccess: to * by self read by dn="cn=admin,{{ LDAP_BASE_DN }}" write by dn="cn={{ LDAP_READONLY_USER_USERNAME }},{{ LDAP_BASE_DN }}" read by * none
