Hi!
I wonder what the minimum required access rights for the attributes of shadowAccount are: Should they be protected the same way the password is? At the moment an anonymous bind can read them (i.e. no special access rules present).
Regards, Ulrich
Ulrich Windl wrote:
I wonder what the minimum required access rights for the attributes of shadowAccount are: Should they be protected the same way the password is? At the moment an anonymous bind can read them (i.e. no special access rules present).
by * None should be sufficient.
Serious: You probably won't need 'shadowAccount' at all.
Ciao, Michael.
openldap-technical@openldap.org