Hi, I'd like to let my account managers to clear the passwords of their managees in the event that an employee is no longer active. So, I've got an ACL like this:
access to attrs=userPassword,sambaNTPassword by set="this/manager & user" write by * break But I realized that the ACL also allows the manager to -change- a user's password, which I don't really want. Is there some ACL that I can grant that would let a manager remove an attribute from another user's account, but not otherwise change the value of that attribute? Tim Gustafson Baskin School of Engineering UC Santa Cruz [email protected] 831-459-5354
