Hi,
Ok
my rule is access to dn.regex="^mail=([^,]+),ou=([^,]+),jvd=([^,]+),o=hosting,dc=myhosting,dc=example$" attrs=userPassword by dn.exact="mail=$1,ou=$2,jvd=$3,o=hosting,dc=myhosting,dc=example" write by dn.exact,expand="mail=$1,ou=$2,jvd=$3,o=hosting,dc=myhosting,dc=example" read by dn="cn=Manager,dc=myhosting,dc=example" write by users none by * none
this doesn't work , users can't change their own password.
Also try this;
access to attrs=userpassword by self write by anonymous auth by dn="cn=Manager,dc=myhosting,dc=example" write by users none by * none
doesn't work again.
open ldap have another parameter for these things ???
?? On Tue, Dec 20, 2011 at 8:56 PM, Quanah Gibson-Mount quanah@zimbra.comwrote:
--On Tuesday, December 20, 2011 4:28 PM +0200 Selcuk Yazar < selcuk.yazar@gmail.com> wrote:
access to
dn.regex="(.*,ou=(.+),jvd=([^,**]+),o=hosting,dc=myhosting,dc=**example)" attrs=userPassword by self write by users write
"by users write" will allow any authenticated user to overwrite anyone's password. I'm guessing you really do *not* want this rule.
--Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc.
Zimbra :: the leader in open source messaging and collaboration