After I did change to ACL {0} regarding access to userPassword for Samba/LDAP integration I saw strange thing:

dn: olcDatabase={3}hdb
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcSuffix:
olcAccess:: ezB9dG8gYXR0cnM9dXNlclBhc3N3b3JkIGJ5IGFub255bW91cy BhdXRoIGJ5IGRuLm
NoaWxkcmVuPSJjbj1hZG1pbnMsY249emltYnJhIiB3cml0ZSBi eSBkbi5leGFjdD0idWlkPXptcG9
zaXhyb290LGNuPWFwcGFjY3RzLGNuPXppbWJyYSIgd3JpdGUgY nkgZG4uZXhhY3Q9InVpZD16bXBv
c2l4LGNuPWFwcGFjY3RzLGNuPXppbWJyYSIgcmVhZAkJICAgIC A=
olcAccess: {1}to dn.subtree="cn=zimbra" by dn.children="cn=admins,cn=zimbra"
write

... we don't have normal text for ACL {0} anymore. Do you know why?

LDIF file I used was:
dn: olcDatabase={3}hdb,cn=config
changetype:modify
delete: olcAccess
olcAccess: {0}
-
add: olcAccess
olcAccess: {0}to attrs=userPassword by anonymous auth by dn.children="cn=admins,cn=zimbra" write by dn.exact="uid=zmposixroot,cn=appaccts,cn=zimbra" write by
dn.exact="uid=zmposix,cn=appaccts,cn=zimbra" read

so quite normal I think, isn't it?

Authentication works OK but I'm really curious what really have happened to ACL {0}

Thanks,
Marcin