
HTTP Basic authentication against OpenLDAP directory

758 bytes added, 10:19, 9 January 2015
/* Load Service User LDIF */
== Load Service User LDIF ==
Load the newly created <code>services-administration.ldif</code> into the OpenLDAP directory:
{{Cmd
|/usr/bin/ldapadd -W -M -H "ldaps://ldapm.stoney-cloud.org" -x -D "cn{{=}}Manager,dc{{=}}stoney-cloud,dc{{=}}org" -f services-administration.ldif
|output=<pre>
Password: ***********
adding new entry "cn=cloud,ou=services,ou=administration,dc=stoney-cloud,dc=org"
</pre>
}}
== Modify the ACLs ==
{{RootCmd
|$EDITOR /etc/openldap/acl/slapd.acl.people.conf
}}
 
{{File|/etc/openldap/acl/slapd.acl.people.conf||<source lang='bash'>
# cloud needs access to the people subtree
access to dn.base="ou=people,dc=stoney-cloud,dc=org"
    attrs=entry
    by dn.exact="cn=cloud,ou=services,ou=administration,dc=stoney-cloud,dc=org" read
    by dn.regex="uid=([0-9]+),ou=people,dc=stoney-cloud,dc=org" read
    by * break
# cloud may read a fixed set of attributes on the immediate children of ou=people
access to dn.one="ou=people,dc=stoney-cloud,dc=org"
    attrs=entry,objectClass,mail,sstEmployeeOfUID,givenName,sn,sstIsActive,cn
    by dn.exact="cn=cloud,ou=services,ou=administration,dc=stoney-cloud,dc=org" read
    by * break
</source>}}
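To check what the two rules above actually hand to the <code>cn=cloud</code> service user, the following added example (not part of the original wiki page, and a simplified Python model rather than slapd's own evaluator) walks requests through the <code>dn.base</code> and <code>dn.one</code> clauses. Assumptions: only these two rules are modelled, DN normalisation is simplified, and the <code>uid=4000123</code> DN is a constructed sample.

```python
import re

# DNs and attribute list copied from the two rules in slapd.acl.people.conf above.
BASE = "ou=people,dc=stoney-cloud,dc=org"
CLOUD = "cn=cloud,ou=services,ou=administration,dc=stoney-cloud,dc=org"
UID_RE = re.compile(r"uid=([0-9]+),ou=people,dc=stoney-cloud,dc=org", re.I)
CHILD_ATTRS = {"entry", "objectclass", "mail", "sstemployeeofuid",
               "givenname", "sn", "sstisactive", "cn"}
PERSON = "uid=4000123,ou=people,dc=stoney-cloud,dc=org"  # constructed sample DN


def norm(dn):
    """Simplified DN normalisation: lower-case, trim spaces around commas."""
    return ",".join(part.strip() for part in dn.lower().split(","))


def scope(target):
    """'base' for ou=people itself, 'one' for an immediate child, else None."""
    t, b = norm(target), norm(BASE)
    if t == b:
        return "base"
    if t.endswith("," + b) and "," not in t[:-len(b) - 1]:
        return "one"
    return None


def access(who, target, attr):
    """Return 'read' if one of the two rules grants it, otherwise None.

    None means the request leaves these rules through 'by * break' (or matches
    neither <what> clause) and is decided by whatever ACLs follow.
    """
    s, a, w = scope(target), attr.lower(), norm(who)
    if s == "base" and a == "entry":          # rule 1: dn.base, attrs=entry
        if w == norm(CLOUD) or UID_RE.search(w):
            return "read"
    if s == "one" and a in CHILD_ATTRS:       # rule 2: dn.one, listed attrs
        if w == norm(CLOUD):
            return "read"
    return None


def not_granted(who, target, attrs):
    """Attributes these rules do not hand to `who` on `target`."""
    return [x for x in attrs if access(who, target, x) is None]


if __name__ == "__main__":
    print(not_granted(CLOUD, PERSON, ["mail", "sn", "userPassword"]))
```

A <code>None</code> result is not a denial: the request continues to the ACLs that follow this file, so those still decide attributes such as <code>userPassword</code>.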
[[Category:OpenLDAP directory]]
SLB, editor, reviewer