--On Thursday, August 1, 2024 3:42 PM +0000 pficheux@integra.fr wrote:
Hello Uwe,
Thanks for the answer.
So, if I understand correctly, until you are authenticated, you are considered anonymous, or sort of, by LDAP, right?
And concerning the "by self write", in the example:
access to dn.children="dc=example,dc=com"
    by self write
    by group.exact="cn=Administrators,dc=example,dc=com" write
    by * auth
Better ACL is probably:
access to attrs=userPassword
    by self =xw
    by group.exact="cn=Administrators,dc=example,dc=com" write
    by anonymous auth

access to dn.subtree="dc=example,dc=com"
    by self write
    by group.exact="cn=Administrators,dc=example,dc=com" write
--Quanah
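
Added example (not part of the original thread and not OpenLDAP code): a simplified Python model of slapd's first-match ACL evaluation, comparing the effective privileges the two rule sets above grant. The user DNs, the group membership and the helper names are assumptions made for illustration.

```python
# Simplified model of slapd's first-match ACL evaluation (illustration only;
# DNs are compared as exact strings, real slapd normalizes them first).
LEVELS = {"none": "", "auth": "dx", "write": "wrscdx"}  # privilege sets per slapd.access(5)
BASE = "dc=example,dc=com"
ADMINS = "cn=Administrators," + BASE
ORIGINAL = [("dn.children=" + BASE,
             [("self", "write"), ("group.exact=" + ADMINS, "write"), ("*", "auth")])]
SUGGESTED = [
    ("attrs=userPassword",
     [("self", "=xw"), ("group.exact=" + ADMINS, "write"), ("anonymous", "auth")]),
    ("dn.subtree=" + BASE, [("self", "write"), ("group.exact=" + ADMINS, "write")]),
]
# Constructed sample identities and group membership (assumptions, not from the thread).
ALICE, BOB, ROOT = ("uid=%s,ou=people,%s" % (u, BASE) for u in ("alice", "bob", "root"))
GROUPS = {ADMINS: {ROOT}}

def what_matches(what, entry_dn, attr):
    kind, _, value = what.partition("=")
    if kind == "attrs":
        return attr.lower() == value.lower()
    under = entry_dn.endswith("," + value)
    if kind == "dn.children":
        return under                      # excludes the base entry itself
    return kind == "dn.subtree" and (under or entry_dn == value)

def who_matches(who, requester, entry_dn):
    if who == "*":
        return True
    if who == "anonymous":
        return requester is None          # not yet bound
    if who == "self":
        return requester is not None and requester == entry_dn
    if who.startswith("group.exact="):
        return requester in GROUPS.get(who.split("=", 1)[1], set())
    return False

def effective(acl, requester, entry_dn, attr):
    for what, by_clauses in acl:          # first matching <what> wins
        if what_matches(what, entry_dn, attr):
            for who, access in by_clauses:    # first matching <who> wins
                if who_matches(who, requester, entry_dn):
                    privs = access[1:] if access.startswith("=") else LEVELS[access]
                    return "".join(sorted(privs))
            return ""                     # implicit trailing "by * none"
    return ""                             # implicit "access to * by * none"

if __name__ == "__main__":
    for name, who in (("anonymous", None), ("alice", ALICE), ("bob", BOB), ("root", ROOT)):
        for attr in ("userPassword", "mail"):
            print(name, attr, [effective(a, who, ALICE, attr) or "none" for a in (ORIGINAL, SUGGESTED)])
```

In this model, the suggested rules leave an authenticated non-admin user with no access to another entry's userPassword, while the original `by * auth` clause grants auth to every requester on every attribute below the base.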