Full LDAP write access on entire tree


Hi there,

Got a test setup with RCDevs 2FA solution and a Univention UCS but am running into some snags. I’ve got the feeling it’s caused by not having enough LDAP access rights. So for this test case I want to create an account with full write access to the whole LDAP tree.

I’ve found several posts and wiki entries that give me some hints, but whatever I put at the top of the ACL list in slapd.conf, the most I get is write access to the users OU.

Can someone tell me how to achieve this?
I’m pulling out whatever hair I have left on my head on this one.


If it’s just for testing purposes you could also use the cn=admin account. Its password is stored in a text file directly below /etc.

If it’s not for testing then you should of course create a dedicated user.


@fbartels: Thanks, that will at least let me test if I’m correct about the LDAP access rights for the moment.

If anyone has input on how to achieve this ‘the right way’ on UCS, it would be much appreciated.