Rick Stevens wrote:
Howard Chu wrote:
    by dn="cn=manager,dc=gbsbilling,dc=com" write
    by dn="cn=manager,ou=aliases,dc=gbsbilling,dc=com" write
    by anonymous auth
    by self write
    by * none
Pay attention to what you're doing.
Yeah, I know. I've been editing the heck out of these files and some of the cut and paste stuff got hosed.
Without really testing it, your ACL looks bogus to me.
At the end it should be something like:

    [..]
    by dn="cn=manager,ou=aliases,dc=gbsbilling,dc=com" write
    by self write
    by * auth
Anyway I would make the userPassword attribute write-only. Example:

    access to attrs=userPassword
        by group="cn=Password Admins,ou=Groups,dc=stroeder,dc=local" =wx
        by self =wx
        by * =x

Also take note of http://www.openldap.org/its/index.cgi?findid=5400 when running with OpenLDAP 2.4.x.
Ciao, Michael.
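
The difference between `by self write` and the write-only `by self =wx` above, as an added example that is not part of the thread and not OpenLDAP code: a simplified Python model of first-match `by`-clause evaluation. It assumes only the `group`, `self`, `anonymous`, `users` and `*` who-forms, compares DNs as plain strings, and ignores control keywords and the add/delete split of `w`; the DNs under `dc=example,dc=com` are constructed.

```python
import shlex

# Named levels are cumulative; "=<letters>" grants exactly those letters.
ORDER = "dxcsrw"  # disclose, auth, compare, search, read, write
LEVELS = {"none": 0, "disclose": 1, "auth": 2, "compare": 3,
          "search": 4, "read": 5, "write": 6}


def privs(access):
    """Privilege letters granted by one <access> token."""
    if access.startswith("="):
        return set(access[1:])          # "=wx": w and x, no read implied
    return set(ORDER[:LEVELS[access]])  # "write": w plus every lower level


def matches(who, requester, target, groups):
    """requester is a DN string, or None for an anonymous connection."""
    if who == "*":
        return True
    if who == "anonymous":
        return requester is None
    if who == "users":
        return requester is not None
    if who == "self":
        return requester is not None and requester == target
    kind, _, value = who.partition("=")
    if kind == "group":
        return requester in groups.get(value, ())
    raise ValueError(f"unsupported who clause: {who}")


def granted(clauses, requester, target, groups):
    """Privileges from the first matching 'by <who> <access>' clause."""
    t = shlex.split(clauses)  # keeps the quoted group DN as one token
    for who, access in zip(t[1::3], t[2::3]):
        if matches(who, requester, target, groups):
            return privs(access)
    return set()  # no clause matched: implicit "by * none"


PW_ADMINS = "cn=Password Admins,ou=Groups,dc=stroeder,dc=local"
WRITE_ONLY = f'by group="{PW_ADMINS}" =wx by self =wx by * =x'
READABLE = "by self write by * auth"
ALICE = "uid=alice,dc=example,dc=com"                # constructed DN
GROUPS = {PW_ADMINS: {"uid=admin,dc=example,dc=com"}}  # constructed member

if __name__ == "__main__":
    for acl in (READABLE, WRITE_ONLY):
        print(acl, "->", sorted(granted(acl, ALICE, ALICE, GROUPS)))
```

With `by self write` the entry's owner also holds `r` and can read back the stored hash; with `=wx` the owner, and the Password Admins group, can only set the value or bind against it.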