29 Jun
2010
29 Jun
'10
2:56 p.m.
Hi,
I'd like to let my account managers to clear the passwords of their managees in the event that an employee is no longer active. So, I've got an ACL like this:
access to attrs=userPassword,sambaNTPassword by set="this/manager & user" write by * break
But I realized that the ACL also allows the manager to -change- a user's password, which I don't really want.
Is there some ACL that I can grant that would let a manager remove an attribute from another user's account, but not otherwise change the value of that attribute?
Tim Gustafson Baskin School of Engineering UC Santa Cruz tjg@soe.ucsc.edu 831-459-5354