Re: Password Access Control does not work as expected






>> access to attr=userPassword
>>         by group="cn=admin,base_dn" write
>>         by group="cn=maintainer,base_dn" write
>>         by self write
>>         by anonymous auth
>>         by * none stop
>>
>> To my surprise the admin and maintainer users are able to _read_ the
>> userPassword attribute. I expect that users are able to authenticate
>> and to set the password but nobody is allowed to read the password.

>It's not an issue, it's just the way it works. Higher privilege levels
>*include* all lower levels. So "write" automatically includes "read"
>and "auth".

Which is why SASL is such a good idea.
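
The level semantics described in the quoted reply, as an added example that is not part of the original thread and is not OpenLDAP code: a simplified Python model that expands each `by` clause of the quoted ACL into the privileges it grants. It compares the quoted ACL with a constructed variant using the `=w` privilege form from slapd.access(5). The function names are hypothetical, `<who>` is matched literally, and the `+`/`-` forms and the `a`/`z` letters are not modelled.

```python
# Added illustration (not OpenLDAP code): a simplified model of how slapd
# expands the <access> field of a "by" clause into individual privileges.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]
LETTERS = "dxcsrwm"  # privilege letter introduced by each level above "none"

def privileges(access):
    """Return the set of privilege letters one <access> token grants."""
    if access in LEVELS:
        # A level name grants its own privilege plus every lower one.
        return set(LETTERS[:LEVELS.index(access)])
    if access.startswith("=") and len(access) > 1:
        # "=<letters>" grants exactly the listed privileges; "0" means none.
        letters = set(access[1:]) - {"0"}
        if letters <= set(LETTERS):
            return letters
    raise ValueError("access form not modelled here: %r" % access)

def parse_acl(text):
    """Parse the "by <who> <access> [<control>]" lines of one access directive.
    Assumes <who> contains no whitespace, as in the ACL from the thread."""
    clauses = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) >= 3 and tokens[0] == "by":
            clauses.append((tokens[1], privileges(tokens[2])))
    return clauses

def granted(clauses, who):
    """First matching clause wins; <who> is compared literally, "*" matches all."""
    for clause_who, privs in clauses:
        if clause_who in (who, "*"):
            return privs
    return set()

# The ACL quoted in the thread.
ORIGINAL = '''access to attr=userPassword
        by group="cn=admin,base_dn" write
        by group="cn=maintainer,base_dn" write
        by self write
        by anonymous auth
        by * none stop
'''
# Constructed variant: the "write" level replaced by the exact privilege "=w".
WRITE_ONLY = ORIGINAL.replace(" write", " =w")

if __name__ == "__main__":
    for name, acl in (("original", ORIGINAL), ("write-only", WRITE_ONLY)):
        for who, privs in parse_acl(acl):
            print(name, who, "".join(c for c in LETTERS if c in privs) or "0")
```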