ACL Assistance

15 May 2007


      I'm running OpenLDAP 2.3.34 and am having trouble figuring out the ACLs. 
  I have the following:
access  to attr=userPassword
         by self         write
         by anonymous    auth
         by *            none
access  to *
         by self         write
         by *            read
My intention is to allow everything but the userPassword attribute to be 
available to all users and have the userPassword attribute be available 
for authentication and password changes by each user (but only for each 
user).
The problem with the above ACL is that I am able to read all user's 
password hashes through an authenticated bind.  What am I doing wrong?
Thanks,
-- 
Joshua M. Miller - RHCE,VCP

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

ACL Assistance