On 08/05/2016 09:08 AM, Frank Swasey wrote:
Today at 8:10am, John Lewis wrote:
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by * read
olcAccess: {3}to attrs=userPassword,shadowLastChange by self write by anonymous auth by * none
And the world can read your passwords...
Order *is* important. First match wins. At the very least you need to put #2 as the very last rule.
How is this?
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to attrs=userPassword,shadowLastChange by self write by anonymous auth by * none
olcAccess: {3}to * by * read
You said to do that at the very least. What else do you think I should do?
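
The first-match evaluation discussed in this thread, as an added example that is not part of the original messages: a simplified Python model of olcAccess evaluation (not OpenLDAP's code) that compares the two rule orderings quoted above. It covers only the clause types that appear in the thread, and the user DN is a constructed sample.

```python
# Simplified model of slapd olcAccess evaluation (illustration, not OpenLDAP code).
# Covers only the clauses quoted in the thread; "entry" access and regex scopes are omitted.
ROOT = "gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
USER = "uid=jdoe,ou=people,dc=example,dc=com"  # constructed sample DN

def parse(rule):
    """'to <what> by <who> <level> ...' -> (what, [(who, level), ...])."""
    what, *bys = rule.split(" by ")
    return what[len("to "):], [tuple(b.rsplit(" ", 1)) for b in bys]

def what_matches(what, dn, attr):
    if what == "*":
        return True
    if what.startswith("dn.base="):
        return dn == what[len("dn.base="):].strip('"')
    if what.startswith("attrs="):
        return attr.lower() in what[len("attrs="):].lower().split(",")
    raise ValueError("unmodeled <what>: " + what)

def who_matches(who, bound_dn, dn):
    if who.startswith("dn.exact="):
        return bound_dn == who[len("dn.exact="):]
    return {"*": True, "anonymous": bound_dn == "",
            "self": bound_dn != "" and bound_dn == dn}[who]

def access(rules, bound_dn, dn, attr):
    """Level granted to bound_dn ("" = anonymous) on attr of entry dn."""
    for what, bys in map(parse, rules):
        if not what_matches(what, dn, attr):
            continue                  # rule does not apply, try the next one
        for who, level in bys:
            if who_matches(who, bound_dn, dn):
                if level == "break":
                    break             # "break": keep evaluating later rules
                return level          # first matching <who> decides
        else:
            return "none"             # implicit "by * none" ends every rule
    return "none"                     # no rule granted anything

ORIGINAL = [
    "to * by dn.exact=" + ROOT + " manage by * break",
    'to dn.base="" by * read',
    "to * by * read",
    "to attrs=userPassword,shadowLastChange by self write by anonymous auth by * none",
]
REORDERED = ORIGINAL[:2] + [ORIGINAL[3], ORIGINAL[2]]  # attrs rule before "to * by * read"
```

With ORIGINAL, an anonymous request for userPassword stops at "to * by * read" and never reaches the attrs rule; with REORDERED the same request gets only auth. On a real server, OpenLDAP's slapacl tool answers the same question against the live configuration.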