LDAP OpenLDAP – Fix ldap_add: Insufficient Access (50)

I suggest you enable the LDAP log and take a look at this. On Red Hat based distros, you can do it by following steps:

1. Set a syslog facility:

   cat /etc/sysconfig/ldap 
   SLAPD_OPTIONS="-l local4"
   

2. Specify a log file for OpenLDAP in /etc/syslog.conf:

   # OpenLDAP log
   local4.*            /var/log/ldap.log
   

3. touch /var/log/ldap.log and restart syslogd

On other distros, at the step one, simply add the -l local4 into the start() function in your init script.

EDIT

Set loglevel to 128 (ACL processing) and try again.

EDIT 2

cannot assess the validity of the ACL scope within backend naming context

Put the ACLs before the backend context:

access to attrs=userPassword 
 by self write
 by users read 
 by * none
access to *
 by self write
 by users read
 by * none

database    bdb
suffix "dc=monzell,dc=com"
checkpoint  1024 15
rootdn "cn=root,dc=monzell,dc=com"
rootpw <REDACTED
directory   /var/lib/ldap
index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub
database monitor

CN=ms-Exch-Extension-Attribute-14,CN=Schema,CN=Configuration,DC=example,DC=com

Its rangeUpper is 2048.

See MSDN for more details: http://msdn.microsoft.com/en-us/library/ms980479(v=exchg.65).aspx