Re: ACL Assistance
Joshua M. Miller wrote:
I'm running OpenLDAP 2.3.34 and am having trouble figuring out the
ACLs. I have the following:
access to attr=userPassword
    by self write
    by anonymous auth
    by * none
access to *
    by self write
    by * read
My intention is to allow everything but the userPassword attribute to
be available to all users and have the userPassword attribute be
available for authentication and password changes by each user (but
only for each user).
The problem with the above ACL is that I am able to read all users'
password hashes through an authenticated bind. What am I doing wrong?
Use these ACLs:
access to attrs=userPassword
    by self write
    by * auth
access to attrs=(put here your other attributes *except* userPassword)
    by self write
    by * read
--
Jeronimo Zucco
LPIC-1 Linux Professional Institute Certified
Núcleo de Processamento de Dados
Universidade de Caxias do Sul
http://jczucco.blogspot.com
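
An added example, not part of the original thread and not OpenLDAP code: a simplified Python model of how slapd evaluates the ACLs suggested in the reply, where the first matching `access to` clause is used and the first matching `by` clause inside it sets the level. The attribute list (`entry`, `cn`, `mail`), the DNs and the function names are constructed for illustration.

```python
# Simplified model of slapd ACL evaluation (illustration only, not slapd itself).
# Access levels in increasing order; each level implies the ones before it.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

# The reply's two clauses. The second attribute list is an assumption; "entry"
# is the pseudo-attribute that must be readable for an entry to be returned.
ACLS = [
    ({"userpassword"}, [("self", "write"), ("*", "auth")]),
    ({"entry", "cn", "mail"}, [("self", "write"), ("*", "read")]),
]

def who_matches(who, bound_dn, target_dn):
    """bound_dn is None for an anonymous connection."""
    if who == "*":
        return True
    if who == "anonymous":
        return bound_dn is None
    if who == "users":
        return bound_dn is not None
    if who == "self":
        return bound_dn is not None and bound_dn.lower() == target_dn.lower()
    raise ValueError("unsupported <who> in this model: " + who)

def granted_level(acls, bound_dn, target_dn, attr):
    """Level granted to bound_dn on attr of the entry target_dn."""
    for attrs, by_clauses in acls:
        # attrs=None models "access to *"
        if attrs is not None and attr.lower() not in attrs:
            continue
        # Only the first matching "access to" clause is consulted.
        for who, level in by_clauses:
            if who_matches(who, bound_dn, target_dn):
                return level
        return "none"   # implicit "by * none" closing every clause
    return "none"       # implicit "access to * by * none" closing the list

def allowed(acls, bound_dn, target_dn, attr, wanted):
    granted = granted_level(acls, bound_dn, target_dn, attr)
    return LEVELS.index(granted) >= LEVELS.index(wanted)

if __name__ == "__main__":
    alice = "uid=alice,dc=example,dc=com"   # constructed DNs
    bob = "uid=bob,dc=example,dc=com"
    for who, attr in [(alice, "userPassword"), (None, "userPassword"),
                      (alice, "mail"), (alice, "telephoneNumber")]:
        print(who or "anonymous", "->", attr, "of bob:",
              granted_level(ACLS, who, bob, attr))
```

The last case shows the side effect of enumerating attributes: anything not listed in a clause falls through to the implicit deny, so the list has to cover every attribute clients are expected to read.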