12 Oct
2017
12 Oct
'17
1:34 p.m.
Ervin Hegedüs wrote:
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write
Additional side notes regarding this ACL above (which is often used in tutorials):
1. You should use slapo-ppolicy instead of deprecated 'shadowLastChange' attribute to enforce password expiry.
2. With this ACL the user can extend the password validity period himself which renders password expiry ineffective.
Ciao, Michael.