I'm trying to figure out what my ACL should be in slapd.conf. What I want is that a user can change his/her password, but they won't be able to read any other user's password. Right now what I have is not restrictive enough. I've read the OpenLDAP admin guide on ACLs but it was not clear to me what I should use. What I have currently is below. What do I need to change it to to have the results I want?
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
    by self write
    by anonymous auth
    by * read
    by * none

access to *
    by * read
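
One way to get the behaviour asked for above, as an added example that is not part of the original post: slapd stops at the first `by` clause that matches the requester, so `by * read` gives every bound user read access to the password attributes and the trailing `by * none` is never reached. The DNs and the config path in the `slapacl` comment are constructed placeholders.

```conf
# Password attributes: the owner may change them, unauthenticated clients may
# only use them to bind (auth), and everyone else gets nothing.
# "by * read" from the original rule is removed; it matched before "by * none".
# slapd applies the first "access to" directive that matches an attribute,
# so this rule must stay above the catch-all "access to *" rule.
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
    by self write
    by anonymous auth
    by * none

# Everything else stays readable, unchanged from the original post.
access to *
    by * read

# Check the result offline with slapacl (placeholder DNs and path):
#   slapacl -f /path/to/slapd.conf \
#       -D "uid=alice,ou=People,dc=example,dc=com" \
#       -b "uid=bob,ou=People,dc=example,dc=com" "userPassword/read"
# The read check should be denied for another user's entry and allowed as
# "userPassword/write" when -D and -b name the same entry.
```

Restart slapd after editing slapd.conf so the new rules are loaded.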