On 8/27/23 19:01, Marc wrote:
> olcAccess: {2} to attrs=userPassword,shadowLastChange by ssf=256 self read by ssf=256 anonymous auth by * none break
I think the problem is this rule. You specify 'by * none break', which means that evaluation is not stopped if this rule does not match. Because of that, the later rules for user 'yyyy' do match and 'yyyy' can read the 'userPassword' attribute.
You would have to specify a separate rule for 'userPassword' without 'break', something like this:
olcAccess: {1} to attrs=userPassword by self read by anonymous auth
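
The effect of 'break' described in the reply above, as an added example that is not part of the original message and is not OpenLDAP code: a small Python model of how access directives are walked, comparing rule {2} alone with the suggested rule {1} placed in front of it. The DNs and the later "to *" rule for 'yyyy' are constructed stand-ins, since the poster's other rules are not shown.

```python
# Toy model of slapd access-directive evaluation: 'stop' and 'break' only
# ('continue' and +/- privilege arithmetic are not modelled).
YYYY = "uid=yyyy,dc=example,dc=com"   # constructed DNs
XXXX = "uid=xxxx,dc=example,dc=com"

def is_self(r): return r["bind_dn"] is not None and r["bind_dn"] == r["entry_dn"]
def is_anon(r): return r["bind_dn"] is None
def anyone(r): return True
def dn_is(dn): return lambda r: r["bind_dn"] == dn
def ssf(n, who): return lambda r: r["ssf"] >= n and who(r)

def access_level(acl, req, attr):
    """Return the level granted for attr under this model."""
    for attrs, by_clauses in acl:
        if attrs is not None and attr.lower() not in attrs:
            continue                      # 'to' part does not cover attr
        for who, level, control in by_clauses:
            if who(req):
                if control == "stop":
                    return level          # default control: decision is final
                break                     # 'break': try the next directive
        else:
            return "none"                 # implicit trailing 'by * none stop'
    return "none"                         # implicit final 'to * by * none'

# Rule {2} from the message, followed by a constructed stand-in for the
# "later rules for user 'yyyy'" (their real text is not on the page).
ORIGINAL = [
    ({"userpassword", "shadowlastchange"},
     [(ssf(256, is_self), "read", "stop"),
      (ssf(256, is_anon), "auth", "stop"),
      (anyone, "none", "break")]),
    (None, [(dn_is(YYYY), "read", "stop")]),
]
# The suggested rule {1}, placed ahead of the existing rules.
FIXED = [({"userpassword"},
          [(is_self, "read", "stop"), (is_anon, "auth", "stop")])] + ORIGINAL

def demo():
    """'yyyy' (bound, ssf 256) asks for another entry's userPassword."""
    req = {"bind_dn": YYYY, "entry_dn": XXXX, "ssf": 256}
    return (access_level(ORIGINAL, req, "userPassword"),
            access_level(FIXED, req, "userPassword"))

if __name__ == "__main__":
    print(demo())
```

In this model shadowLastChange is still governed by rule {2}, so it keeps falling through to the later rule; only userPassword is covered by the new rule {1}.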