Hi all,
would it be possible to configure content-based access control? I have the following configuration: my LDAP directory contains user data. Some of the users are local ones and have a regular password entry. They shall be able to change their password. Other users are remotely authenticated with saslauthd. They shall not be able to change their 'password', which is just a redirection.
Example:
dn: uid=remoteuser,ou=People,dc=mydomain,dc=de
uid: remoteuser
cn: Adam Example
uidNumber: 9007
gidNumber: 90
sn: Example
userPassword: {SASL}remoteuser

dn: uid=localuser,ou=People,dc=mydomain,dc=de
uid: localuser
cn: Bruce Somename
uidNumber: 1001
gidNumber: 10
sn: Somename
userPassword: {SHA}03de6c570bfe24bfc328ccd7ca46b76eadaf4334
User localuser shall be able to change his password, user remoteuser shall not. Can this be done by a fancy ACL entry that rejects changes to passwords starting with '{SASL}'?
Thanks in advance, Frank