Hi Ryan,


thank you.


Stefan

-----Ursprüngliche Nachricht-----
Von: Ryan Tandy <ryan@nardis.ca>
Gesendet: Son 14 Juni 2015 00:59
An: Stefan Bauer <sb@plzk.de>
CC: openldap-technical@openldap.org
Betreff: Re: problem with olcAccess - can not change own userPassword field

On Thu, Jun 11, 2015 at 02:12:19PM +0200, Stefan Bauer wrote:
>olcAccess: {0}to * by * read by * break 

"by * read" matches everyone, and stops. "by * break" is never reached.

>olcAccess: {1}to dn.subtree="ou=Benutzer,dc=example,dc=com" attrs=userPassword by self write by * break

This rule is never reached, because everyone is matched by "by * read"
(with "stop" implicit) above.