userpassword permissions
This was just discussed, I know.
OpenLDAP 2.2.23, BDB 4.2.52, FC3
ACLs in slapd.conf:
access to attr=userPassword
    by self write
    by anonymous auth
    by * none
access to dn.subtree="ou=Anonymous,ou=Comments,ou=Expressions,o=mentata.com"
    by dn="uid=annie,ou=Generic,ou=People,o=mentata.com" write
    by * read
access to *
    by * read
I get:
% ldapsearch -x -b 'ou=Generic,ou=People,o=mentata.com' '(uid=*)'
# extended LDIF
#
# LDAPv3
# base <ou=People,o=mentata.com> with scope sub
# filter: (uid=*)
# requesting: ALL
#
# annie, Generic, People, mentata.com
dn: uid=annie,ou=Generic,ou=People,o=mentata.com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
userPassword:: bm9ubmll
uid: annie
givenName: Annie
sn: Nonnie
cn: Annie Nonnie
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
Why is the (base64-encoded) password visible on an anonymous search with
these access control rules?
Jon Roberts
www.mentata.com
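To check what the quoted rules should grant on paper, here is an added example (not part of the original post): a small Python model of slapd's documented first-match ACL evaluation, run over the access directives and DNs from the post. The evaluator is an assumed simplification: no regex targets, no break/stop control, and no merging of global and per-database ACLs.

```python
# Model of slapd ACL evaluation: the first "access to" whose target matches
# is used, then the first "by" clause whose subject matches; an implicit
# "by * none" ends every directive. Simplified on purpose (see lead-in).

LEVELS = ["none", "auth", "compare", "search", "read", "write"]

def who_matches(who, requester_dn, target_dn):
    # requester_dn is None for an anonymous bind
    if who == "*":
        return True
    if who == "anonymous":
        return requester_dn is None
    if who == "self":
        return requester_dn is not None and requester_dn == target_dn
    if who.startswith("dn="):
        return requester_dn == who[3:]
    return False

def target_matches(target, target_dn, attr):
    if target == "*":
        return True
    if target.startswith("attr="):
        return attr.lower() == target[5:].lower()
    if target.startswith("dn.subtree="):
        base = target[len("dn.subtree="):]
        return target_dn == base or target_dn.endswith("," + base)
    return False

def granted_level(acls, requester_dn, target_dn, attr):
    """Access level the first matching directive grants; 'none' if nothing matches."""
    for target, by_clauses in acls:
        if target_matches(target, target_dn, attr):
            for who, level in by_clauses:
                if who_matches(who, requester_dn, target_dn):
                    return level
            return "none"  # target matched, no "by" did: implicit "by * none"
    return "none"

def allowed(acls, requester_dn, target_dn, attr, needed):
    return LEVELS.index(granted_level(acls, requester_dn, target_dn, attr)) >= LEVELS.index(needed)

# The ACLs from the post, in slapd.conf order.
ACLS = [
    ("attr=userPassword", [("self", "write"), ("anonymous", "auth"), ("*", "none")]),
    ("dn.subtree=ou=Anonymous,ou=Comments,ou=Expressions,o=mentata.com",
     [("dn=uid=annie,ou=Generic,ou=People,o=mentata.com", "write"), ("*", "read")]),
    ("*", [("*", "read")]),
]
ANNIE = "uid=annie,ou=Generic,ou=People,o=mentata.com"
```

On these rules `granted_level(ACLS, None, ANNIE, "userPassword")` returns `"auth"` and `allowed(ACLS, None, ANNIE, "userPassword", "read")` is `False`, so an anonymous search should not return the attribute if these are the directives actually in effect for that database. When the running server disagrees with this, the usual thing to verify is which directives slapd actually loaded and in what order (for example with loglevel acl), rather than the rules as written.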