4 Jun 2012 22:46
Unable to retrieve schema message with ANY slapd acl set
Hi Roland, I know this is not specifically a LAM problem, but once I set ACLs
in my OpenLDAP configuration to limit what anonymous or any user can see, LAM
is unable to access the schema any longer. With no ACLs set, LAM is 100%
happy, including the lamdaemon test and functionality.
So basically, I want to allow anon auth to the user's password(s) attrs, but
let the users have write access to change them.
The second ACL unfortunately requires that anonymous can read more than I want
it to, but this is because they all seem to be required for ssh logins to
function (I removed and added them one at a time to verify... painful...). This
is a separate problem for another day I think. :)
This ACL also allows a user to search the directory, but only see some of
their own information.
The last one basically allows all access to the LDAP admin user.
I have seen mention of subschema and someone creating a specific ACL for it,
but I cannot for the life of me find out what that is exactly referring to.
Can you offer any help to allow LAM to browse the schema while still allowing
some level of security?
--[snip]--
access to attrs=userPassword,sambaNTPassword
        by dn="uid=ldapadmin,ou=People,dc=MyDomain,dc=local" write
        by anonymous auth
        by self write
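Added example (not part of the original post, and not LAM's or OpenLDAP's own configuration): the quoted password ACL shown together with the two rules the OpenLDAP Administrator's Guide places in front of any database ACLs, one for the root DSE (dn.base="") and one for the subschema subentry (cn=Subschema), which is the entry LAM reads to retrieve the schema. The admin DN and the dc=MyDomain,dc=local suffix are taken from the post; the final subtree rule is an assumed placeholder standing in for the poster's second and third ACLs, which the post does not show.

```conf
# Global ACLs in slapd.conf style (they go before the first "database"
# directive). With cn=config the same rules typically live in olcAccess on
# olcDatabase={-1}frontend. Assumed example layout, not the poster's file.

# Root DSE: lets any client, including anonymous ones, discover server
# capabilities (namingContexts, supportedSASLMechanisms, ...). Nothing
# sensitive lives here.
access to dn.base=""
        by * read

# Subschema subentry: the schema that LAM fetches. As soon as at least one
# ACL exists, slapd's implicit final rule becomes "by * none", so without
# this rule only the rootdn can still read cn=Subschema and LAM's schema
# retrieval fails even though the rest of the directory is reachable.
access to dn.base="cn=Subschema"
        by * read

# Password attributes (from the post). "auth" lets a client bind with the
# value but never read it back, so anonymous users can log in without being
# able to retrieve hashes. This rule must stay above any broader rule
# covering the same entries: the first "access to" that matches wins.
access to attrs=userPassword,sambaNTPassword
        by dn="uid=ldapadmin,ou=People,dc=MyDomain,dc=local" write
        by anonymous auth
        by self write
        by * none

# Everything else under the suffix. ASSUMED placeholder for the poster's
# remaining ACLs (the post only describes them in prose).
access to dn.subtree="dc=MyDomain,dc=local"
        by dn="uid=ldapadmin,ou=People,dc=MyDomain,dc=local" write
        by users read
        by * none
```

To check the effect without LAM, read the subschema as an anonymous client after reloading slapd: `ldapsearch -x -H ldap://localhost -b cn=Subschema -s base '(objectClass=subschema)' objectClasses` should return the objectClasses attribute; an empty result or "No such object" means the cn=Subschema rule is missing or is placed after a rule that already matched the entry. Granting "read" on the root DSE and subschema only discloses the server's capabilities and schema definitions, not directory data, so it does not weaken the password and subtree rules that follow it.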