Could some expert point out possible stupid mistakes in the following ACLs?

The intention of the first block is to allow uid=user,ou=People,o=CWI INS,c=NL to change the separate password for uid=user,ou=Mail Users,ou=Services,o=CWI INS,c=NL; the second block is to allow simple bind to other dn's and the third block to allow access via LDAPS from the outside.

Thanks a lot in advance for any advice,

Hein

access to dn="uid=([^,]+),ou=Mail Users,ou=Services,o=CWI INS,c=NL" attribute=userPassword
    by anonymous auth
    by self write
    by dn="uid=$1,ou=People,o=CWI INS,c=NL" write
    by * none

access to attribute=userPassword
    by anonymous auth
    by self write
    by * none

access to *
    by users read
    by domain=".*\.cwi\.nl" read
    by * none
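Added example, not part of the original post: a small Python model of how the three clauses above would be evaluated, assuming slapd's first-match rule (the first "access to" clause whose target matches is used, and within it the first matching "by" decides). The function names, the tuple encoding of the ACLs, case-insensitive DN comparison and unanchored regex matching are assumptions of this sketch, and the DNs used to exercise it are constructed.

```python
import re

# The three clauses from the post, encoded (an assumption of this sketch) as
# (target DN regex or None, attribute or None, ordered list of (who, level)).
ACLS = [
    (r"uid=([^,]+),ou=Mail Users,ou=Services,o=CWI INS,c=NL", "userPassword",
     [("anonymous", "auth"), ("self", "write"),
      ("dn=uid=$1,ou=People,o=CWI INS,c=NL", "write"), ("*", "none")]),
    (None, "userPassword",
     [("anonymous", "auth"), ("self", "write"), ("*", "none")]),
    (None, None,
     [("users", "read"), (r"domain=.*\.cwi\.nl", "read"), ("*", "none")]),
]


def who_matches(who, target_dn, bound_dn, peer_domain, captures):
    """Decide whether one 'by <who>' term applies to this requester."""
    if who == "*":
        return True
    if who == "anonymous":
        return bound_dn is None
    if who == "users":
        return bound_dn is not None
    if who == "self":
        return bound_dn is not None and bound_dn.lower() == target_dn.lower()
    kind, pattern = who.split("=", 1)
    if kind == "dn":
        # $1 becomes the first group captured from the target DN (escaped here).
        pattern = pattern.replace("$1", re.escape(captures[0]) if captures else "")
        return bound_dn is not None and re.search(pattern, bound_dn, re.I) is not None
    if kind == "domain":
        return peer_domain is not None and re.search(pattern, peer_domain, re.I) is not None
    return False


def granted(target_dn, attr, bound_dn=None, peer_domain=None):
    """Level from the first clause matching the target, first matching 'by'."""
    for dn_re, acl_attr, by_list in ACLS:
        m = re.search(dn_re, target_dn, re.I) if dn_re else None
        if (dn_re and not m) or (acl_attr and acl_attr.lower() != attr.lower()):
            continue
        caps = m.groups() if m else ()
        for who, level in by_list:
            if who_matches(who, target_dn, bound_dn, peer_domain, caps):
                return level
        return "none"  # implicit trailing "by * none"
    return "none"
```

Calling granted() with a Mail Users DN, the attribute userPassword and a bound People DN shows which "by" term decides for each requester.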