[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
ACL Assistance
I'm running OpenLDAP 2.3.34 and am having trouble figuring out the ACLs.
I have the following:
access to attr=userPassword
by self write
by anonymous auth
by * none
access to *
by self write
by * read
My intention is to allow everything but the userPassword attribute to be
available to all users and have the userPassword attribute be available
for authentication and password changes by each user (but only for each
user).
The problem with the above ACL is that I am able to read all user's
password hashes through an authenticated bind. What am I doing wrong?
Thanks,
--
Joshua M. Miller - RHCE,VCP