--On Tuesday, May 21, 2019 3:41 PM -0700 Quanah Gibson-Mount
<[email protected]> wrote:
Here is an example:
access to attrs=userPassword
by dn.exact="cn=admin,dc=example,dc=fr" write
by users auth
by anonymous auth
by * none
That should be "by users read", not "by users auth" as per their stated
requirements. I would note that this ACL would be problematic in a
replicated environment unless the "cn=admin,dc=example,dc=fr" DN is also
used for replication.
Additionally, I'm guessing what is really desired is "by self read" rather
than "by users read", as the latter would allow any authenticated DN to
read the userPassword value of any entry in the DB.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
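The difference Quanah points out ("by users read" lets every authenticated DN read every entry's userPassword; "by self read" limits it to the entry's owner) can be checked with a small model of slapd's ACL walk. This is an added example, not code from the thread or from OpenLDAP: it models only the clause types the thread uses (dn.exact, users, anonymous, self, *) and the first-matching-clause rule, the DNs for alice and bob are constructed, and keeping "by users auth" in the tightened variant so that ordinary users can still bind is this example's own assumption.

```python
# Added example, not code from the list thread or from OpenLDAP: a deliberately
# small model of how slapd walks an "access to attrs=userPassword" directive
# (first matching "by" clause wins), used to compare "by users read" with
# "by self read". Only the clause types the thread uses are modelled; real
# slapd ACLs are far richer (regex DNs, groups, sets, privilege masks, ...).

ANONYMOUS = None  # constructed marker for an unauthenticated (anonymous) bind

# slapd access levels, lowest to highest; a level implies every lower one
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]


def normalize_dn(dn):
    """Case- and whitespace-insensitive DN comparison form (simplified)."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def who_matches(who, bind_dn, target_dn):
    """Does the <who> part of a 'by' clause apply to this bind DN and entry?"""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is ANONYMOUS
    if who == "users":
        return bind_dn is not ANONYMOUS
    if who == "self":
        return bind_dn is not ANONYMOUS and normalize_dn(bind_dn) == normalize_dn(target_dn)
    if who.startswith("dn.exact="):
        wanted = who[len("dn.exact="):]
        return bind_dn is not ANONYMOUS and normalize_dn(bind_dn) == normalize_dn(wanted)
    raise ValueError("unsupported <who> clause: " + who)


def access_level(acl, bind_dn, target_dn):
    """Access level granted by the first matching clause ('none' if none match)."""
    for who, level in acl:
        if who_matches(who, bind_dn, target_dn):
            return level
    return "none"


def allows(acl, bind_dn, target_dn, needed):
    """True if the granted level includes the privilege `needed`."""
    return LEVELS.index(access_level(acl, bind_dn, target_dn)) >= LEVELS.index(needed)


ADMIN = "cn=admin,dc=example,dc=fr"  # the DN used in the thread

# The thread's ACL with the first correction applied ("by users read").
ACL_USERS_READ = [
    ("dn.exact=" + ADMIN, "write"),
    ("users", "read"),
    ("anonymous", "auth"),
    ("*", "none"),
]

# The tightened variant ("by self read"). Keeping "by users auth" so that other
# authenticated users can still bind is this example's own assumption.
ACL_SELF_READ = [
    ("dn.exact=" + ADMIN, "write"),
    ("self", "read"),
    ("users", "auth"),
    ("anonymous", "auth"),
    ("*", "none"),
]

# Constructed sample DNs for two ordinary users
ALICE = "uid=alice,ou=people,dc=example,dc=fr"
BOB = "uid=bob,ou=people,dc=example,dc=fr"


def can_read_others_password(acl):
    """The exposure described in the thread: can an ordinary authenticated
    user read a *different* entry's userPassword value?"""
    return allows(acl, ALICE, BOB, "read")


if __name__ == "__main__":
    for name, acl in (("by users read", ACL_USERS_READ), ("by self read", ACL_SELF_READ)):
        print(name)
        print("  alice reads own password  :", allows(acl, ALICE, ALICE, "read"))
        print("  alice reads bob's password:", can_read_others_password(acl))
        print("  anonymous can bind (auth) :", allows(acl, ANONYMOUS, BOB, "auth"))
        print("  anonymous can read        :", allows(acl, ANONYMOUS, BOB, "read"))
        print("  admin can write           :", allows(acl, ADMIN, BOB, "write"))
```

Under "by users read" alice can read bob's hash; under "by self read" she cannot, while binds (auth) for both anonymous and authenticated users and the admin's write access are unchanged. The same walk shows why clause order matters: a broad "by users ..." placed before "by self ..." would shadow the narrower rule.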