Password Access Control does not work as expected
Hi,
I am putting the following as the first entry in slapd.conf:
    access to attr=userPassword
        by group="cn=admin,base_dn" write
        by group="cn=maintainer,base_dn" write
        by self write
        by anonymous auth
        by * none stop
To my surprise the admin and maintainer users are able to _read_ the
userPassword attribute. I expect that users are able to authenticate and to
set the password but nobody is allowed to read the password.
(Tested with multiple versions of OpenLDAP incl. 2.1.12)
Is this a known issue?
Regards,
-- martin
Dipl.-Phys. Martin Konold
e r f r a k o n
Erlewein, Frank, Konold & Partner - Beratende Ingenieure und Physiker
Nobelstrasse 15, 70569 Stuttgart, Germany
fon: 0711 67400963, fax: 0711 67400959
email: martin.konold@erfrakon.de
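
Added example, not part of the original message and not OpenLDAP code: a simplified Python model of how slapd evaluates the posted rule, showing that the named access levels are cumulative (write implies read). The identity labels, the function names and the WRITE_ONLY variant are hypothetical; the variant uses the explicit =w privilege form documented in slapd.access(5).

```python
# Simplified model of slapd access evaluation for one "access to" rule.
# Illustration only; names and identity labels are assumptions.

# Named access levels, lowest to highest. Each level implies all lower ones.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

# Privilege letters from slapd.access(5): x=auth, c=compare, s=search, r=read, w=write
PRIV_OF = dict(zip("xcsrw", LEVELS[1:]))


def privileges(access):
    """Return the privilege set for a level name ("write") or a spec ("=w")."""
    if access.startswith("="):
        # Explicit privilege form: exactly the listed privileges, nothing implied.
        return {PRIV_OF[ch] for ch in access[1:]}
    idx = LEVELS.index(access)
    return set(LEVELS[1:idx + 1])


# The posted rule for attr=userPassword as ordered (who, access) clauses.
POSTED = [
    ("group:admin", "write"),
    ("group:maintainer", "write"),
    ("self", "write"),
    ("anonymous", "auth"),
    ("*", "none"),
]

# Same rule with every "write" replaced by the write-only privilege "=w".
WRITE_ONLY = [(who, "=w" if acc == "write" else acc) for who, acc in POSTED]


def effective(rule, identities):
    """The first matching "by" clause decides (the default control is stop)."""
    for who, access in rule:
        if who == "*" or who in identities:
            return privileges(access)
    return set()


def can_read(rule, identities):
    return "read" in effective(rule, identities)


if __name__ == "__main__":
    for who in ("group:admin", "self", "anonymous", "users"):
        print(who, sorted(effective(POSTED, {who})), sorted(effective(WRITE_ONLY, {who})))
```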