[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Password Access Control does not work as expected

To: Openldap list <openldap-software@OpenLDAP.org>
Subject: Re: Password Access Control does not work as expected
From: Jens Vagelpohl <jens@dataflake.org>
Date: Tue, 27 Apr 2004 08:35:00 -0400
In-reply-to: <200404271403.35864.martin.konold@erfrakon.de>
References: <200404271403.35864.martin.konold@erfrakon.de>

access to attr=userPassword
        by group="cn=admin,base_dn" write
        by group="cn=maintainer,base_dn" write
        by self write
        by anonymous auth
        by * none stop
To my surprise the admin and maintainer users are able to _read_ the userPassword attribute. I expect that users are able to authenticate and to set the password but nobody is allowed to read the password.

It's not an issue, it's just the way it works. Higher privilege levels *include* all lower levels. So "write" automatically includes "read" and "auth".

jens

Attachment: smime.p7s
Description: S/MIME cryptographic signature

References:
- Password Access Control does not work as expected
  - From: Martin Konold <martin.konold@erfrakon.de>

Prev by Date: Password Access Control does not work as expected
Next by Date: Re: Password Access Control does not work as expected
Index(es):
- Chronological
- Thread