Andrei Valoshyn wrote:
> Currently I have ACL in my slapd.conf file:
>
> access to attrs=userPassword,userPKCS12
>         by self write
>         by * auth
> [..]
> I need write privilege for my group. I made some changes:
> [..]
> After that users from LDAP_admins group can edit all. But our Password Change
> System, where users can change their passwords, stopped working properly because
> users can't login.

Disclaimer: I won't analyse your e-mails in detail.

Most likely the "by * auth" in the first ACL is not reached anymore.

Things to consider when writing ACLs:

1. Order is significant

2. Each ACL ends with an implicit <who> clause "by * none"
=> processing stops if not explicitly passed on with "break".

Ciao, Michael.
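The two rules in the reply, as an added example (not part of the original message and not OpenLDAP code): a simplified Python model of how slapd picks the first matching `access to` directive and then the first matching `by` clause. The poster's actual change is elided in the thread, so the misordered rule set, the group DN and the entry DNs are constructed assumptions, and `break` is modelled only in its bare `by * break` form.

```python
# Simplified model of slapd ACL evaluation (attribute matching only); all rule sets are constructed.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write"]
ADMINS = "cn=LDAP_admins,ou=groups,dc=example,dc=com"  # hypothetical group DN

def who_matches(who, requester, owner):
    if who == "*":
        return True
    if who == "self":
        return requester["dn"] is not None and requester["dn"] == owner
    if who.startswith("group="):
        return who[len("group="):] in requester["groups"]
    return False

def granted(acl, attr, requester, owner):
    """Return the access level granted on `attr` of the entry `owner`."""
    for what, clauses in acl:                      # 1. order is significant
        if what != "*" and attr not in what:
            continue
        # 2. every directive ends with an implicit "by * none" (control: stop)
        for who, level, control in clauses + [("*", "none", "stop")]:
            if who_matches(who, requester, owner):
                if control == "break":             # pass on to the next directive
                    break
                return level
    return "none"

def allows(acl, attr, requester, owner, needed):
    return LEVELS.index(granted(acl, attr, requester, owner)) >= LEVELS.index(needed)

PASSWORD_RULE = (("userPassword", "userPKCS12"),
                 [("self", "write", "stop"), ("*", "auth", "stop")])

# Constructed misordering: a catch-all rule placed before the password rule.
BROKEN = [("*", [("group=" + ADMINS, "write", "stop")]), PASSWORD_RULE]
# Fix A: same order, but hand non-admins on with an explicit "by * break".
FIXED_BREAK = [("*", [("group=" + ADMINS, "write", "stop"), ("*", None, "break")]),
               PASSWORD_RULE]
# Fix B: specific rule first, with the admin group added to it.
FIXED_ORDER = [(("userPassword", "userPKCS12"),
                [("group=" + ADMINS, "write", "stop")] + PASSWORD_RULE[1]),
               ("*", [("group=" + ADMINS, "write", "stop")])]

ANON = {"dn": None, "groups": set()}   # connection state while a simple bind is checked
ADMIN = {"dn": "uid=admin1,dc=example,dc=com", "groups": {ADMINS}}
USER = "uid=alice,dc=example,dc=com"

if __name__ == "__main__":
    for name, acl in [("broken", BROKEN), ("break", FIXED_BREAK), ("order", FIXED_ORDER)]:
        print(name, granted(acl, "userPassword", ANON, USER), granted(acl, "userPassword", ADMIN, USER))
```

In the misordered set the anonymous requester is stopped by the implicit `by * none` of the catch-all directive, so the `auth` level needed for a bind is never granted even though the password rule is still present.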