[Date Prev][Date Next] [Chronological] [Thread] [Top]

user they can modify passwords

To: openldap-software@openldap.org
Subject: user they can modify passwords
From: Sven Buchstaller <ask@quickline.de>
Date: Thu, 12 Jun 2008 12:30:23 +0200
Content-disposition: inline
User-agent: KMail/1.9.6 (enterprise 20070904.708012)

Hi List

i need an user "it" they can modify on my ldap the passwords for all users.

atm my settings in the acl.conf are:

access to dn.base=""
 by * read

access to dn.base="cn=subSchema"
 by * read

access to attrs=userPassword,userPKCS12
 by self write
 by * auth

access to attrs=shadowLastChange
 by self write
 by * read

access to dn.subtree="ou=users,dc=server1,dc=intern"
 by self write
 by dn="uid=intern,ou=users,dc=server1,dc=intern"
 by * read

access to dn.subtree="ou=groups,dc=server1,dc=intern"
 by * read

access to dn.sub="ou=hosts,dc=server1,dc=intern"
 by self write
 by dn="uid=hostadmin,ou=users,dc=server1,dc=intern" write
 by * read

can i do like this:
access to dn.subtree="ou=users,dc=server1,dc=intern"
 by self write
 by dn="uid=intern,ou=users,dc=server1,dc=intern"
 by * read
 by dn="uid=it,ou=users,dc=server1,dc=intern"
 by * write

MFG Sven

Follow-Ups:
- Re: user they can modify passwords
  - From: Aaron Richton <richton@nbcs.rutgers.edu>

Prev by Date: slurpd -d 65535 Invalid credentials error
Next by Date: query result size limit by ip
Index(es):
- Chronological
- Thread