On 08/05/2016 09:08 AM, Frank Swasey wrote:
> Today at 8:10am, John Lewis wrote:
>
>> olcAccess: {0}to * by
>> dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
>> by * break
>> olcAccess: {1}to dn.base="" by * read
>> olcAccess: {2}to * by * read
>> olcAccess: {3}to attrs=userPassword,shadowLastChange by self write by
>> anonymous auth by * none
>
> And the world can read your passwords...
>
> Order *is* important. First match wins. At the very least you need
> to put #2 as the very last rule.
>

How is this?

olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to attrs=userPassword,shadowLastChange by self write by anonymous auth by * none
olcAccess: {3}to * by * read

You said to do that at the very least. What else do you think I should do?
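
The first-match evaluation discussed in this thread, as an added example that is not part of the original messages: a simplified Python model of how slapd walks olcAccess rules, comparing the two rule orders posted above. It is not slapd's code, it handles only the `<what>` and `<who>` forms that appear in these rules, and the example.com DNs are constructed.

```python
# Simplified model of slapd ACL evaluation; illustration only, not slapd's code.
ROOT = "gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
PW_ATTRS = {"userPassword", "shadowLastChange"}
ALICE = "uid=alice,dc=example,dc=com"  # constructed sample DNs
BOB = "uid=bob,dc=example,dc=com"

# A rule is (what-matcher, [(who, access level, control), ...]).
R_ROOT = (lambda dn, attr: True, [(ROOT, "manage", "stop"), ("*", None, "break")])
R_DSE = (lambda dn, attr: dn == "", [("*", "read", "stop")])
R_ALL = (lambda dn, attr: True, [("*", "read", "stop")])
R_PW = (lambda dn, attr: attr in PW_ATTRS,
        [("self", "write", "stop"), ("anonymous", "auth", "stop"),
         ("*", "none", "stop")])

ORIGINAL = [R_ROOT, R_DSE, R_ALL, R_PW]   # first posting: catch-all at {2}
REORDERED = [R_ROOT, R_DSE, R_PW, R_ALL]  # second posting: catch-all last


def who_matches(who, requester, target_dn):
    """requester is a bound DN, or "" for an anonymous connection."""
    if who == "*":
        return True
    if who == "self":
        return requester != "" and requester == target_dn
    if who == "anonymous":
        return requester == ""
    return requester == who  # dn.exact


def access(rules, requester, target_dn, attr):
    """Return the level granted by the first rule whose <what> and <who> match."""
    for what, by_clauses in rules:
        if not what(target_dn, attr):
            continue
        for who, level, control in by_clauses:
            if who_matches(who, requester, target_dn):
                if control == "break":
                    break  # "by * break": keep evaluating later rules
                return level  # default control is stop
        else:
            return "none"  # <what> matched but no <who> did: implicit "by * none"
    return "none"  # no rule matched at all


if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("reordered", REORDERED)):
        for who in (BOB, "", ALICE):
            print(name, repr(who), access(rules, who, ALICE, "userPassword"))
```
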