--On Friday, June 21, 2019 1:50 AM +0000 Kyle Sloan
<[email protected]> wrote:
I am able to hide the userPassword and any other single/unique fields on
a query, but I cannot figure out the pwdHistory and how to disable it
from anonymous queries. I keep getting syntax errors and am unsure what
the syntax is.
This works for userPassword, but fails when I replace or add pwdHistory

    access to attrs=userPassword
        by self write
        by anonymous auth
        by * none

Hi,
This is clearly not your entire ACL set. When discussing ACLs, it's
generally important to provide your full ACL set, since order is important.
Generally, if you want to restrict access to pwdHistory, you would do
something like:

    access to attrs=pwdHistory by self write by * none

The "self write" is likely unnecessary since it's an overlay that manages
it (slapo-ppolicy). I would note that if some other ACL takes precedence over
this ACL (since you've failed to list all of them), it won't get applied.
Regards,
Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
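
Added example, not part of the original thread: a simplified Python model of the first-match evaluation order the reply refers to, showing how a broader clause placed earlier keeps the pwdHistory clause from being applied. The catch-all "access to * by * read" clause and the requester labels (anonymous, self, other) are assumptions made for illustration; real slapd supports many more <what> and <who> forms than this model does.

```python
# Added example: simplified model of slapd ACL evaluation order (slapd.access(5)).
# Only "attrs=" / "*" targets and self / anonymous / users / * subjects are modelled.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

def parse_acls(text):
    """Parse 'access to <what> by <who> <level> ...' clauses, keeping their order."""
    acls = []
    for chunk in text.split("access to")[1:]:
        what, *rest = chunk.split()
        if not rest or len(rest) % 3:
            raise ValueError(f"malformed by-clauses for {what!r}")
        if what == "*":
            attrs = None                      # matches every attribute
        elif what.startswith("attrs="):
            attrs = set(what[len("attrs="):].lower().split(","))
        else:
            raise ValueError(f"unsupported target: {what!r}")
        rules = []
        for by, who, level in zip(rest[0::3], rest[1::3], rest[2::3]):
            if by != "by" or level not in LEVELS:
                raise ValueError(f"malformed by-clause: {by} {who} {level}")
            rules.append((who, level))
        acls.append((attrs, rules))
    return acls

def who_matches(who, requester):
    """requester: 'anonymous', 'self' (bound as the entry) or 'other' (another bound DN)."""
    return who == "*" or who == requester or (who == "users" and requester != "anonymous")

def access_level(acls, attr, requester):
    for attrs, rules in acls:
        if attrs is None or attr.lower() in attrs:
            # The first clause whose target matches is the only one consulted.
            for who, level in rules:
                if who_matches(who, requester):
                    return level
            return "none"   # implicit "by * none" at the end of every clause
    return "none"           # no clause matched: implicit "access to * by * none"

def can_read(acls, attr, requester):
    return LEVELS.index(access_level(acls, attr, requester)) >= LEVELS.index("read")

# The two clauses from the thread plus a constructed catch-all (assumption).
USERPW = "access to attrs=userPassword by self write by anonymous auth by * none"
PWHIST = "access to attrs=pwdHistory by self write by * none"
CATCH_ALL = "access to * by * read"
SHADOWED = parse_acls("\n".join([CATCH_ALL, USERPW, PWHIST]))  # broad clause first
ORDERED = parse_acls("\n".join([USERPW, PWHIST, CATCH_ALL]))   # specific clauses first

if __name__ == "__main__":
    for name, acls in (("shadowed", SHADOWED), ("ordered", ORDERED)):
        print(name, "pwdHistory anonymous ->", access_level(acls, "pwdHistory", "anonymous"))
```

With the catch-all listed first, the model returns read for an anonymous request for pwdHistory; with the specific clauses first it returns none, while ordinary attributes such as cn still fall through to the catch-all.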