diff --git a/playbook/multimaster.yml b/playbook/multimaster.yml
index 464e61f..dcef45c 100644
--- a/playbook/multimaster.yml
+++ b/playbook/multimaster.yml
@@ -56,8 +56,9 @@ ldaptoolbox_olcPasswordHash: "{SSHA256}"
 # Access rights
 ldaptoolbox_openldap_access_list:
- - to attrs=userPassword by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" =wxd by group/groupOfNames/member.exact="cn=admin,ou=groups,{{ ldaptoolbox_openldap_suffix }}" =wxd by dn.base="uid=syncrepl,ou=accounts,ou=infrastructure,{{ ldaptoolbox_openldap_suffix }}" read by self =wxd by * auth
- - to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by group/groupOfNames/member.exact="cn=admin,ou=groups,{{ ldaptoolbox_openldap_suffix }}" write by users read
+ - to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
+ - to attrs=userPassword by group/groupOfNames/member.exact="cn=admin,ou=groups,{{ ldaptoolbox_openldap_suffix }}" =wxd by dn.base="uid=syncrepl,ou=accounts,ou=infrastructure,{{ ldaptoolbox_openldap_suffix }}" read by self =wxd by * auth
+ - to * by group/groupOfNames/member.exact="cn=admin,ou=groups,{{ ldaptoolbox_openldap_suffix }}" write by users read
 # Indexes definition
 ldaptoolbox_openldap_database_olcDbIndexes:
 - "entryCSN,entryUUID eq"
diff --git a/templates/var/backups/openldap/config.ldif b/templates/var/backups/openldap/config.ldif
index 7772690..2c58e34 100644
--- a/templates/var/backups/openldap/config.ldif
+++ b/templates/var/backups/openldap/config.ldif
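Review bot: The `by * break` on the new first rule is the load-bearing clause of the whole list — it is what lets every bind other than local root fall through to the userPassword and catch-all rules below — yet nothing says so, and `break` is easy to misread as a deny; add above that item `# local root over ldapi (peercred) manages everything; every other bind falls through (break) to the rules below`. The peercred DN is also written unquoted as `dn.exact=...` here while the syncrepl DN on the next line and the same peercred DN in config.ldif use the quoted `dn.base="..."` form; `exact` and `base` are synonyms in slapd.access(5), so one spelling should be used, e.g. `by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage`. Note that the final catch-all still grants `by users read` on every non-password attribute to any authenticated account, including the syncrepl account, which this hunk does not change. The hunk header counts 8/9 lines but only 7/8 are visible here, so a context line (probably a blank one) appears to have been lost in the paste.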
@@ -111,8 +111,7 @@ olcSortVals: {{ ldaptoolbox_openldap_olcSortVals }}
 dn: olcDatabase={0}config,cn=config
 objectClass: olcDatabaseConfig
 olcDatabase: {0}config
-olcAccess: {0}to attrs=userPassword by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" =wxd by * auth
-olcAccess: {1}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
+olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
 olcAddContentAcl: TRUE
 olcLastMod: TRUE
 olcLastBind: TRUE
@@ -202,7 +201,7 @@ objectClass: olcDatabaseConfig
 olcDatabase: {2}monitor
 olcRootDN: {{ ldaptoolbox_openldap_monitor_olcRootDN }}
 olcRootPW: {{ ldaptoolbox_openldap_monitor_olcRootPW_hash }}
-olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
+olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
 olcAddContentAcl: FALSE
 olcLastMod: TRUE
 olcLastBind: TRUE
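Review bot: The implicit `by * none` that now denies every non-ldapi bind on cn=config is not written down, so a reader of the single remaining rule may assume a second clause went missing along with the removed userPassword line; make the deny explicit: `olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by * none`. No `olcRootDN` for the `{0}config` database is visible in this hunk; if none is set elsewhere in the template, remote administration of cn=config (for example over ldaps) is no longer possible at all, which should be checked against how the multimaster playbook pushes configuration changes. Dropping the `by * auth` on userPassword presumably regresses nothing, since entries under cn=config would not normally carry a userPassword to bind against, but that is inferred rather than visible here.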
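Review bot: The `olcRootDN`/`olcRootPW` pair two lines above the changed rule bypasses olcAccess entirely, so whoever binds as the monitor rootdn with that hashed password keeps unrestricted access to cn=monitor regardless of this change; the new `read` only narrows what local root over ldapi can do. Because `{0}to * by dn.base="..." read` is now the only rule and slapd's default `by * none` applies to everyone else, no other bind DN can read cn=monitor, which forces any monitoring agent to use the rootdn credential; a dedicated read-only monitoring DN added as a further `by dn.exact="..." read` clause would avoid sharing that secret with the tooling. A comment such as `# local root reads cn=monitor; the monitor rootdn above is not subject to this ACL` above the rule would record both facts.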