Hi, when using proxy authentication with strong bind, the attribute userPassword has to have read access, that is, auth access is not sufficient. Is there any particular reason for this potential security hole?
slapd[7028]: => acl_mask: access to entry "cn=Dieter Kluenter,ou=Partner,o=avci,c=de", attr "userPassword" requested
slapd[7028]: => acl_mask: to value by "cn=admanager,o=avci,c=de", (=0)
slapd[7028]: <= check a_dn_pat: self
slapd[7028]: <= check a_dn_pat: *
slapd[7028]: <= acl_mask: [2] applying auth(=xd) (stop)
slapd[7028]: <= acl_mask: [2] mask: auth(=xd)
slapd[7028]: => slap_access_allowed: read access denied by auth(=xd)
slapd[7028]: => access_allowed: no more rules
slapd[7028]: send_search_entry: conn 3 access to attribute userPassword, value #0 not allowed
-Dieter
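
For auditing ACL traces like the one in this post, the following added example (not part of the original message and not OpenLDAP code) groups the slapd lines into one record per access check and lists the checks where read access to userPassword was requested. The function names are hypothetical, and the "granted" form of the result line is assumed to mirror the "denied" form shown in the post.

```python
import re

# Trace lines copied from the post above (slapd ACL debug output).
TRACE = '''\
slapd[7028]: => acl_mask: access to entry "cn=Dieter Kluenter,ou=Partner,o=avci,c=de", attr "userPassword" requested
slapd[7028]: => acl_mask: to value by "cn=admanager,o=avci,c=de", (=0)
slapd[7028]: <= check a_dn_pat: self
slapd[7028]: <= check a_dn_pat: *
slapd[7028]: <= acl_mask: [2] applying auth(=xd) (stop)
slapd[7028]: <= acl_mask: [2] mask: auth(=xd)
slapd[7028]: => slap_access_allowed: read access denied by auth(=xd)
slapd[7028]: => access_allowed: no more rules
slapd[7028]: send_search_entry: conn 3 access to attribute userPassword, value #0 not allowed
'''

RE_REQ = re.compile(r'=> acl_mask: access to entry "([^"]*)", attr "([^"]*)" requested')
RE_BY = re.compile(r'=> acl_mask: to .+? by "([^"]*)"')
RE_APPLY = re.compile(r'<= acl_mask: \[(\d+)\] applying (\S+)')
# Assumption: a successful check logs "granted" in the place of "denied".
RE_RESULT = re.compile(r'slap_access_allowed: (\w+) access (granted|denied) by (\S+)')

def parse_acl_trace(text):
    """Group slapd ACL trace lines into one dict per access check."""
    checks, cur = [], None
    for line in text.splitlines():
        if m := RE_REQ.search(line):
            # A "requested" line opens a new access check.
            cur = {"entry": m[1], "attr": m[2], "by": None,
                   "clause": None, "mask": None, "level": None, "result": None}
            checks.append(cur)
        elif cur is None:
            continue  # lines before the first check are ignored
        elif m := RE_BY.search(line):
            cur["by"] = m[1]                      # DN the access is evaluated for
        elif m := RE_APPLY.search(line):
            cur["clause"], cur["mask"] = int(m[1]), m[2]  # matching "by" clause
        elif m := RE_RESULT.search(line):
            cur["level"], cur["result"] = m[1], m[2]      # requested level, outcome
    return checks

def password_reads(checks):
    """Checks where read access to userPassword was the requested level."""
    return [c for c in checks
            if c["attr"].lower() == "userpassword" and c["level"] == "read"]

if __name__ == "__main__":
    for c in password_reads(parse_acl_trace(TRACE)):
        print(f'{c["by"]} -> {c["attr"]}: {c["level"]} {c["result"]} '
              f'(clause [{c["clause"]}], mask {c["mask"]})')
```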