[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Q: access rights for shadowAccount attributes

To: Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de>, openldap-technical@openldap.org
Subject: Re: Q: access rights for shadowAccount attributes
From: Michael Ströder <michael@stroeder.com>
Date: Wed, 16 Oct 2013 09:18:30 +0200
In-reply-to: <525E5428020000A100012C2F@gwsmtp1.uni-regensburg.de>
References: <525E5428020000A100012C2F@gwsmtp1.uni-regensburg.de>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Firefox/24.0 SeaMonkey/2.21

Ulrich Windl wrote:
> I wonder what the minimum required access rights for the attributes of
> shadowAccount are: Should they be protected the same way the password is?
> At the moment an anonymous bind can read them (i.e. no special access rules
> present).

by * None should be sufficient.

Serious: You probably won't need 'shadowAccount' at all.

Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

References:
- Q: access rights for shadowAccount attributes
  - From: "Ulrich Windl" <Ulrich.Windl@rz.uni-regensburg.de>

Prev by Date: Berkeley DB backend - exact version check
Next by Date: temporarily removing a group object in SLES11
Index(es):
- Chronological
- Thread