What would be your recommendation?

 

Thanks,

 

John D. Borresen (Dave)

From: Craig White [mailto:CWhite@skytouchtechnology.com]
Sent: Wednesday, December 23, 2015 12:27 PM
To: Borresen, John - 0444 - MITLL; openldap-technical@openldap.org
Subject: RE: Issue while changing user password by self

 

From: openldap-technical [mailto:openldap-technical-bounces@openldap.org] On Behalf Of Borresen, John - 0444 - MITLL
Sent: Wednesday, December 23, 2015 10:13 AM
To: openldap-technical@openldap.org
Subject: RE: Issue while changing user password by self

 

Hello,

 

My users are allowed to modify their own passwords.  My ACL is set like this:

 

olcAccess:           {0} to attrs=userPassword,shadowLastChange by self write by anonymous auth by dn.exact=”cn=admin,dc=group,dc=ldap” write by * none

olcAccess:           {1} to * by * read

 

Though not the perfect configuration but it works.   In yours, I don’t see the userPassword attribute.

You might want to rethink this – you are exposing users passwords to everyone