I'm reading through Chapter 6 of the OpenLDAP Software 2.3
Administrator's Guide, but I'm a little confused on access permissions.
I think my access permissions are wrong.
I have 2 users loaded in OpenLDAP, adam and testuser. In slapd.conf I
have:
    access to attrs=userPassword
        by self write
        by anonymous auth
        by dn.base="cn=Manager,dc=gomer,dc=mdah,dc=state,dc=ms,dc=us" write
        by * none

    access to *
        by self write
        by dn.base="cn=Manager,dc=gomer,dc=mdah,dc=state,dc=ms,dc=us" write
        by * read
but adam can change testuser's password, and I want it so that a user can
only change their password and not someone else's:
    [root@gomer ~]# su -l adam
    [adam@gomer ~]$ ldapmodify -D "uid=testuser,ou=People,dc=gomer,dc=mdah,dc=state,dc=ms,dc=us" -w xxxxxx -x -v -f changepasswd.ldif
    ldap_initialize( <DEFAULT> )
    replace userPassword:
            {CRYPT}xxxxxxxxxxxx
    modifying entry "uid=testuser,ou=People,dc=gomer,dc=mdah,dc=state,dc=ms,dc=us"
    modify complete
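As an added illustration (editor's example, not code from the post or from OpenLDAP), the following small Python model applies slapd's ACL semantics (first matching "access to" clause, then first matching "by" clause, stop) to the two rules quoted above. It shows which identity "self" is compared against: the DN the client binds with (the `-D` argument), not the Unix account running ldapmodify. The DN for adam is assumed to be uid=adam,ou=People,... since the post does not give it.

```python
# Toy model of OpenLDAP slapd access evaluation for the two rules in the post.
# Added example: this is not slapd's real code, only its first-match semantics.
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# slapd access levels in increasing order of privilege
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

BASE = "ou=People,dc=gomer,dc=mdah,dc=state,dc=ms,dc=us"
MANAGER = "cn=Manager,dc=gomer,dc=mdah,dc=state,dc=ms,dc=us"
TESTUSER = "uid=testuser," + BASE          # DN from the post
ADAM = "uid=adam," + BASE                   # assumed DN, not given in the post
ANON = ""                                   # empty bind DN = anonymous (-x without -D)

@dataclass
class Rule:
    attrs: Optional[Set[str]]               # None models "access to *"
    by: List[Tuple[str, str]]               # (who, level); who is self/anonymous/* or a DN

# The two "access to" directives from slapd.conf, in the order slapd reads them.
RULES = [
    Rule({"userpassword"}, [("self", "write"), ("anonymous", "auth"),
                            (MANAGER, "write"), ("*", "none")]),
    Rule(None, [("self", "write"), (MANAGER, "write"), ("*", "read")]),
]

def _who_matches(who: str, bind_dn: str, target_dn: str) -> bool:
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn == ANON
    if who == "self":                       # bound identity equals the entry being touched
        return bind_dn != ANON and bind_dn.lower() == target_dn.lower()
    return bind_dn.lower() == who.lower()   # dn.base="..." is an exact DN match

def granted_level(bind_dn: str, target_dn: str, attr: str, rules=RULES) -> str:
    """Level granted by the first matching rule; slapd stops at the first match."""
    for rule in rules:
        if rule.attrs is not None and attr.lower() not in rule.attrs:
            continue
        for who, level in rule.by:
            if _who_matches(who, bind_dn, target_dn):
                return level
        return "none"                       # target matched, no "by" matched: deny
    return "none"

def can_modify(bind_dn: str, target_dn: str, attr: str) -> bool:
    """A modify needs at least write access on the attribute."""
    return LEVELS.index(granted_level(bind_dn, target_dn, attr)) >= LEVELS.index("write")
```

Running the model with the bind DN used in the post (testuser's own DN) yields write on testuser's userPassword, while a bind as adam's DN yields none; the Unix login has no bearing on the result.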