Hello guys,

Currently I have the following ACL in my slapd.conf file:
access to attrs=userPassword,userPKCS12 by self write by * auth
access to attrs=shadowLastChange by self write by * read
access to * by peername.ip=10.206.179.0%255.255.255.0 read
.....

I need write privilege for my group. I made some changes:
access to attrs=userPassword,userPKCS12 by group.exact="cn=LDAP_admins,ou=Roles,ou=Groups,dc=exadel,dc=com" write by self write by * auth
access to attrs=shadowLastChange by group.exact="cn=LDAP_admins,ou=Roles,ou=Groups,dc=exadel,dc=com" write by self write by * read
access to dn.subtree="dc=exadel,dc=com" by group.exact="cn=LDAP_admins,ou=Roles,ou=Groups,dc=exadel,dc=com" write by peername.ip=206.169.37.147 read
access to * by peername.ip=10.206.179.0%255.255.255.0 read

After that, users from the LDAP_admins group can edit everything. But our Password Change System, where users can change their passwords, stopped working properly because users can't log in.

After I delete

access to dn.subtree="dc=exadel,dc=com" by group.exact="cn=LDAP_admins,ou=Roles,ou=Groups,dc=exadel,dc=com" write by peername.ip=206.169.37.147 read

the Password Change System starts working well, but users from the LDAP_admins group lose their write permissions. After that I tried a large number of configuration options, but still have the problem. Please help!
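
Added example, not part of the original post: a simplified Python model of slapd's ACL evaluation (the first matching "access to" clause is used, then the first matching "by"; a clause with no matching "by" ends in an implicit "by * none"), applied to the rules quoted above. The sample entry, the two requesters and all function names are constructed for illustration; privilege ordering and the stop/continue/break keywords are left out.

```python
import ipaddress

ADMINS = "cn=LDAP_admins,ou=Roles,ou=Groups,dc=exadel,dc=com"
USER = "uid=jdoe,ou=People,dc=exadel,dc=com"   # constructed sample entry

# <who> matchers; req = {"ip", "dn", "groups", "target"}
def group(req): return ADMINS in req["groups"]
def self_(req): return req["dn"] is not None and req["dn"] == req["target"]
def anyone(req): return True
def peer(net):
    network = ipaddress.ip_network(net)
    return lambda req: ipaddress.ip_address(req["ip"]) in network

# <what> matchers
def attrs(*names): return lambda dn, attr: attr in names
def subtree(base): return lambda dn, attr: dn == base or dn.endswith("," + base)
def everything(dn, attr): return True

PW = (attrs("userPassword", "userPKCS12"),
      [(group, "write"), (self_, "write"), (anyone, "auth")])
SHADOW = (attrs("shadowLastChange"),
          [(group, "write"), (self_, "write"), (anyone, "read")])
TREE = (subtree("dc=exadel,dc=com"),
        [(group, "write"), (peer("206.169.37.147"), "read")])
REST = (everything, [(peer("10.206.179.0/255.255.255.0"), "read")])

MODIFIED = [PW, SHADOW, TREE, REST]   # rule order from the post
WITHOUT_SUBTREE = [PW, SHADOW, REST]  # after deleting the dn.subtree rule

def access(rules, req, attr):
    """First matching <what>, then first matching <who>; otherwise none."""
    for what, by_clauses in rules:
        if what(req["target"], attr):
            for who, level in by_clauses:
                if who(req):
                    return level
            return "none"  # implicit "by * none" ends every clause
    return "none"          # implicit final "access to * by * none"

# Constructed requesters: an anonymous LAN client and a bound group member
ANON_LAN = {"ip": "10.206.179.25", "dn": None, "groups": [], "target": USER}
ADMIN = {"ip": "10.206.179.30", "dn": "uid=admin1,ou=People,dc=exadel,dc=com",
         "groups": [ADMINS], "target": USER}

if __name__ == "__main__":
    for name, rules in (("modified", MODIFIED), ("without subtree", WITHOUT_SUBTREE)):
        for who, req in (("anon LAN", ANON_LAN), ("admin", ADMIN)):
            print(name, who, {a: access(rules, req, a) for a in ("entry", "userPassword", "cn")})
```

In this model the dn.subtree clause captures every entry under dc=exadel,dc=com, so a non-group client in 10.206.179.0/24 never reaches the final "access to *" clause and gets no access to the "entry" pseudo-attribute.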