>> Quanah Gibson-Mount <quanah(a)fast-mail.org> wrote on 30.04.2022 at 00:54 in message <28499A685B1FAE689838078F(a)[192.168.1.17]>:
--On Friday, April 29, 2022 10:42 PM +0000 gerson.garcia(a)itron.com wrote:
> Quanah,
>
> Yes I read it and tried replace "by * read" by "by * auth" and "by *
> none" but then nobody could access it. Like I said, I am new on this, any
> support other than google it, I would appreciate it.
olcAccess: {0}to attrs=userPassword by self write by anonymous auth by * none
Is there any security implication if one uses ".. by self write by * auth"
instead?
olcAccess: {1}to attrs=shadowLastChange by self write by * read
olcAccess: {2}to dn.subtree="dc=nocinbox,dc=inc" by set="[cn=sec-admin,ou=groups,dc=nocinbox,dc=inc]/memberUid & user/uid" write by * read
The only thing that requires anonymous auth access is the userPassword
attribute. However, other permissions may be necessary depending on the
operations. It's important as well to understand the section on the pseudo
attribute "entry" too.
--Quanah
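
A simplified model of how slapd evaluates the three olcAccess rules quoted in this message, added here as an illustration; it is not part of the thread and not OpenLDAP code. It compares the rules as posted with the two variants mentioned ("by * read" changed to "by * auth", and "by self write by * auth" on userPassword). The sample DNs, the helper names and the reduction of the set= clause to a membership test are assumptions.

```python
# Added illustration: first-match evaluation of "to <what> by <who> <level>".
# Simplified: no control keywords, no DN scope matching, no rootdn bypass.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]
BASE = "dc=nocinbox,dc=inc"
ALICE = "uid=alice,ou=people," + BASE   # constructed sample users
BOB = "uid=bob,ou=people," + BASE
ADMINS = {"uid=carol,ou=people," + BASE}  # stands in for the set= clause

def build(pw_tail, other):
    """The three rules from the message; None means 'any attribute'."""
    return [
        ({"userPassword"}, [("self", "write")] + pw_tail),
        ({"shadowLastChange"}, [("self", "write"), ("*", other)]),
        (None, [("sec-admin", "write"), ("*", other)]),
    ]

AS_POSTED = build([("anonymous", "auth"), ("*", "none")], "read")
READ_TO_AUTH = build([("anonymous", "auth"), ("*", "none")], "auth")
STAR_AUTH = build([("*", "auth")], "read")

def who_matches(who, requester, target):
    if who == "*":
        return True
    if who == "anonymous":
        return requester is None
    if who == "self":
        return requester is not None and requester == target
    if who == "sec-admin":
        return requester in ADMINS
    raise ValueError(who)

def granted(rules, requester, target, attr):
    """Level given by the first matching 'to' rule and its first matching 'by'."""
    for attrs, clauses in rules:
        if attrs is not None and attr not in attrs:
            continue
        for who, level in clauses:
            if who_matches(who, requester, target):
                return level
        return "none"   # implicit trailing "by * none" inside a rule
    return "none"       # implicit final rule when nothing matched

def allowed(rules, requester, target, attr, need):
    have = granted(rules, requester, target, attr)
    return LEVELS.index(have) >= LEVELS.index(need)

if __name__ == "__main__":
    for name, rules in [("posted", AS_POSTED), ("read->auth", READ_TO_AUTH)]:
        print(name, "bob reads alice cn:", allowed(rules, BOB, ALICE, "cn", "read"))
```

With "by * read" changed to "by * auth", every read and search below the suffix is refused because auth ranks below search and read, while the bind itself still succeeds.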