How do I wrap lines in olcAccess?


I am trying to define access rights by starting each new line with a space. But I get a syntax error that I don't understand:

# ldapmodify -Y EXTERNAL -Q -H ldapi:///
dn: olcDatabase={2}hdb,cn=config
add: olcAccess
olcAccess: to *
 by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
 by self write
 by anonymous auth
 by * read

modifying entry "olcDatabase={2}hdb,cn=config"
ldap_modify: Other (e.g., implementation specific) error (80)
        additional info: <olcAccess> handler exited with 1

If I remove the line breaks and put everything on one line, it works:

# ldapmodify -Y EXTERNAL -Q -H ldapi:///
dn: olcDatabase={2}hdb,cn=config
add: olcAccess
olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by self write by anonymous auth by * read

modifying entry "olcDatabase={2}hdb,cn=config"

What is wrong with the first version?

The daemon logs:

Feb 28 14:33:59 k3ls slapd[21199]: slapd: line 0: missing "=" in "*by" in to clause
Feb 28 14:33:59 k3ls slapd[21199]: <access clause> ::= access to <what> [ by <who> [ <access> ] [ <control> ] ]+ 
                                   <what> ::= * | dn[.<dnstyle>=<DN>] [filter=<filter>] [attrs=<attrspec>]
                                   <attrspec> ::= <attrname> [val[/<matchingRule>][.<attrstyle>]=<value>] | <attrlist>
                                   <attrlist> ::= <attr> [ , <attrlist> ]
                                   <attr> ::= <attrname> | @<objectClass> | !<objectClass> | entry | children
                                   <who> ::= [ * | anonymous | users | self | dn[.<dnstyle>]=<DN> ]
                                           [ realanonymous | realusers | realself | realdn[.<dnstyle>]=<DN> ]
                                           [dnattr=<attrname>]
                                           [realdnattr=<attrname>]
                                           [group[/<objectclass>[/<attrname>]][.<style>]=<group>]
                                           [peername[.<peernamestyle>]=<peer>] [sockname[.<style>]=<name>]
                                           [domain[.<domainstyle>]=<domain>] [sockurl[.<style>]=<url>]
                                           [dynacl/<name>[/<options>][.<dynstyle>][=<pattern>]]
                                           [ssf=<n>] [transport_ssf=<n>] [tls_ssf=<n>] [sasl_ssf=<n>]
                                   <style> ::= exact | regex | base(Object)
                                   <dnstyle> ::= base(Object) | one(level) | sub(tree) | children | exact | regex
                                   <attrstyle> ::= exact | regex | base(Object) | one(level) | sub(tree) | children
                                   <peernamestyle> ::= exact | regex | ip | ipv6 | path
                                   <domainstyle> ::= exact | regex | base(Object) | sub(tree)
                                   <access> ::= [[real]self]{<level>|<priv>}
                                   <level> ::= none|disclose|auth|compare|search|read|{write|add|delete}|manage
                                   <priv> ::= {=|+|-}{0|d|x|c|s|r|{w|a|z}|m}+
                                   <control> ::= [ stop | continue | break ]
                                   dynacl:
                                           <name>=ACI        <pattern>=<attrname>

I don't understand where an assignment is missing.

Answer 1

OpenLDAP removes the first space of each continuation line and concatenates all the lines. So, for example, OpenLDAP sees the last three lines as:

 by self writeby anonymous authby * read

This is syntactically invalid. Indenting with 2 spaces will solve your problem.
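As an added example (not part of the question or the answer), the following Python code applies the LDIF unfolding rule the answer describes and shows the olcAccess value slapd actually receives for one-space versus two-space indentation; the LDIF strings are constructed to mirror the question.

```python
"""LDIF line unfolding (RFC 2849): a continuation line begins with a single
space, and the reader strips exactly that one space before appending the
rest to the previous line.  Added example, not part of the original post."""


def unfold_ldif(text: str) -> list[str]:
    """Join LDIF continuation lines into logical lines.

    Each physical line that starts with one space continues the previous
    logical line; only that first space is removed, so any indentation
    beyond it survives as part of the attribute value.
    """
    logical: list[str] = []
    for line in text.splitlines():
        if line.startswith(" ") and logical:
            logical[-1] += line[1:]          # strip exactly one space
        else:
            logical.append(line)
    return logical


def olc_access_value(ldif: str) -> str:
    """Return the unfolded value of the olcAccess attribute in an LDIF change."""
    for line in unfold_ldif(ldif):
        if line.startswith("olcAccess:"):
            return line[len("olcAccess:"):].strip()
    raise ValueError("no olcAccess attribute found")


# Constructed LDIF mirroring the question: one-space continuation lines.
ONE_SPACE = """dn: olcDatabase={2}hdb,cn=config
add: olcAccess
olcAccess: to *
 by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
 by self write
 by anonymous auth
 by * read
"""

# Same ACL with two-space indentation: the second space survives as the separator.
TWO_SPACE = ONE_SPACE.replace("\n by ", "\n  by ")

if __name__ == "__main__":
    print(olc_access_value(ONE_SPACE))   # "to *by dn.base=..." -> slapd: missing "=" in "*by"
    print(olc_access_value(TWO_SPACE))   # "to * by dn.base=... by * read" -> valid
```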
