Gordon Messmer <[EMAIL PROTECTED]> writes:
> Lloyd Zusman wrote:
>> OK, OK ... I found it. I added this to slapd.conf:
>> access to *
>> by self write
>> by anonymous auth
>> by * read
>
> Yeah... Your users can now change their login shell and uid (attribute
> "uidNumber"). Obviously, this is bad.
>
> Be specific when granting write access. Only grant access to the
> specific attributes that users need to be able to change.
OK. So what should it look like? Something like this, perhaps?
access to userPassword
by self write
by anonymous auth
by * read
Thanks.
--
Lloyd Zusman
[EMAIL PROTECTED]
God bless you.
-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
_______________________________________________
courier-users mailing list
[email protected]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
