[Date Prev][Date Next] [Chronological] [Thread] [Top]

help with ACLs

To: openldap-software@OpenLDAP.org
Subject: help with ACLs
From: Adam Williams <awilliam@mdah.state.ms.us>
Date: Mon, 28 Jan 2008 08:16:41 -0600
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.11) Gecko/20071128 SeaMonkey/1.1.7

I'm trying to figure out what my ACL should be in slapd.conf. What I want is that a user can change his/her password, but they won't be able to read any other user's password. Right now what I have is not restrictive enough. I've read the OpenLDAP admin guide on ACLs but it was not clear to me what I should use. What I have currently is below. What do I need to change it to to have the results I want?

access to attrs=userPassword,sambaLMPassword,sambaNTPassword
       by self write
       by anonymous auth
       by * read
       by * none


access to *
       by * read

Follow-Ups:
- Re: help with ACLs
  - From: Denis Sacchet <ouba@ouba.org>

Prev by Date: DN index delete failed
Next by Date: Re: DN index delete failed
Index(es):
- Chronological
- Thread