Hi,
OK, my rule is:

access to dn.regex="^mail=([^,]+),ou=([^,]+),jvd=([^,]+),o=hosting,dc=myhosting,dc=example$"
    attrs=userPassword
    by dn.exact="mail=$1,ou=$2,jvd=$3,o=hosting,dc=myhosting,dc=example" write
    by dn.exact,expand="mail=$1,ou=$2,jvd=$3,o=hosting,dc=myhosting,dc=example" read
    by dn="cn=Manager,dc=myhosting,dc=example" write
    by users none
    by * none

This doesn't work; users can't change their own password.
I also tried this:

access to attrs=userpassword
    by self write
    by anonymous auth
    by dn="cn=Manager,dc=myhosting,dc=example" write
    by users none
    by * none

Again, it doesn't work.

Does OpenLDAP have another parameter for these things?

On Tue, Dec 20, 2011 at 8:56 PM, Quanah Gibson-Mount <[email protected]> wrote:
> --On Tuesday, December 20, 2011 4:28 PM +0200 Selcuk Yazar <
> [email protected]> wrote:
>
>> access to
>> dn.regex="(.*,ou=(.+),jvd=([^,]+),o=hosting,dc=myhosting,dc=example)"
>> attrs=userPassword
>> by self write
>> by users write
>>
>
> "by users write" will allow any authenticated user to overwrite anyone's
> password. I'm guessing you really do *not* want this rule.
>
> --Quanah
>
>
> --
>
> Quanah Gibson-Mount
> Sr. Member of Technical Staff
> Zimbra, Inc
> A Division of VMware, Inc.
> --------------------
> Zimbra :: the leader in open source messaging and collaboration
>
--
Selçuk YAZAR
http://www.selcukyazar.blogspot.com
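
Added example (not part of the original messages, and not OpenLDAP code): a small lint check for the problem Quanah points out, flagging any "access to" rule that covers userPassword and grants write or manage to a broad subject such as users. The function names and the THREAD_ACLS sample are assumptions made for this sketch; the sample rules are the ones posted in this thread.

```python
import shlex

LEVELS = {"none", "disclose", "auth", "compare", "search", "read", "write", "manage"}
BROAD_WHO = {"*", "users", "anonymous"}  # subjects that are not one specific identity

def parse_acls(text):
    """Return [(what_tokens, [(who, level), ...]), ...] for each 'access to' rule."""
    tokens = shlex.split(text)  # also strips the quotes around DN values
    rules, i = [], 0
    while i < len(tokens):
        if tokens[i] != "access" or tokens[i + 1:i + 2] != ["to"]:
            i += 1
            continue
        i += 2
        what, clauses = [], []
        while i < len(tokens) and tokens[i] not in ("by", "access"):
            what.append(tokens[i])
            i += 1
        while i + 1 < len(tokens) and tokens[i] == "by":
            who, level = tokens[i + 1], None
            i += 2
            # Only level keywords are recognised; privilege forms such as =w are ignored.
            while i < len(tokens) and tokens[i] not in ("by", "access"):
                if level is None and tokens[i].lower() in LEVELS:
                    level = tokens[i].lower()
                i += 1
            clauses.append((who, level))
        rules.append((what, clauses))
    return rules

def covers_password(what):
    """A rule with no attrs= applies to every attribute, userPassword included."""
    lists = [t.split("=", 1)[1] for t in what if t.lower().startswith("attrs=")]
    if not lists:
        return True
    return any(a.strip().lower() == "userpassword" for l in lists for a in l.split(","))

def audit(text):
    """Return (rule_number, who, level) for each over-broad grant on userPassword."""
    return [(n, who, level)
            for n, (what, clauses) in enumerate(parse_acls(text), 1) if covers_password(what)
            for who, level in clauses if who in BROAD_WHO and level in ("write", "manage")]

# Sample input: rule 1 is the one quoted in the reply, rule 2 the "by self write" attempt.
THREAD_ACLS = '''
access to dn.regex="(.*,ou=(.+),jvd=([^,]+),o=hosting,dc=myhosting,dc=example)"
    attrs=userPassword by self write by users write
access to attrs=userpassword by self write by anonymous auth
    by dn="cn=Manager,dc=myhosting,dc=example" write by users none by * none
'''
```

Calling audit(THREAD_ACLS) reports only the "by users write" clause of the first rule; the second rule passes because its only write grants go to self and to one named DN.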