On Tuesday 11 July 2006 16:43, MT wrote:
> Okay, somehow I kind of got it to work. Here's my ACLs in order:
>
> access to dn.children="dc=cmcflex,dc=com"
>         by users write
>         by * auth

The above ACL seems a bit weird ... you probably want this 2nd-last.

>
> access to attrs="telephoneNumber","homePhone","homePostalAddress","userPassword"
>         by users write
>         by * auth

Move these attributes into their own ACL, so that you instead have:

access to attrs=userPassword
        by self write
        by * auth

access to attrs=telephoneNumber,homePhone,homePostalAddress
        by users write
        by * read

> access to *
>         by anonymous read

You really don't want to mix ACLs for password attributes with other
attributes you want to provide read access to. And, you probably don't want
any authenticated user to be able to change the passwords of other users.

Finally, you may also consider using a group for the write ACLs, so that
simply setting a password for a user doesn't compromise your ACLs.

Regards,
Buchan

-- 
Buchan Milne
ISP Systems Specialist
B.Eng,RHCE(803004789010797),LPIC-2(LPI000074592)
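The ordering and the group-based write access suggested in the reply above, put together as one slapd.conf fragment. This is an added example, not part of the original message: the group DN `cn=ldapadmins,ou=Groups,dc=cmcflex,dc=com` is hypothetical, and the `by self write` line on the contact attributes is an assumption about what the directory owner wants.

```conf
# Added example (slapd.conf syntax). slapd uses the FIRST "access to"
# clause whose target matches, and within it the first matching "by"
# clause, so the most specific attribute rules must come first.

# 1. Passwords in their own ACL: the owner may change it, members of the
#    (hypothetical) admin group may reset it, everyone else may only use
#    it to bind. Nobody gets read access.
access to attrs=userPassword
        by self write
        by group.exact="cn=ldapadmins,ou=Groups,dc=cmcflex,dc=com" write
        by * auth

# 2. Contact attributes: readable by all, writable by the owner
#    (assumption) and by the admin group instead of by any bound user.
access to attrs=telephoneNumber,homePhone,homePostalAddress
        by self write
        by group.exact="cn=ldapadmins,ou=Groups,dc=cmcflex,dc=com" write
        by * read

# 3. The subtree rule from the original list, moved to second-last and
#    with "users" replaced by the group, so that giving an entry a
#    password no longer grants it write access to the whole tree.
access to dn.children="dc=cmcflex,dc=com"
        by group.exact="cn=ldapadmins,ou=Groups,dc=cmcflex,dc=com" write
        by * auth

# 4. Catch-all from the original list. Because rule 3 already matches
#    every entry below dc=cmcflex,dc=com, this only applies to entries
#    not covered above (for example the base entry itself).
access to *
        by anonymous read
```

`group.exact` with no further qualifiers checks the `member` attribute of a `groupOfNames` entry, so the admin group has to be created with that object class or the clause has to name the object class and attribute explicitly.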