>>> Quanah Gibson-Mount <[email protected]> schrieb am 30.04.2022 um 00:54 in Nachricht <28499A685B1FAE689838078F@[192.168.1.17]>:
> > ‑‑On Friday, April 29, 2022 10:42 PM +0000 [email protected] wrote: > >> Quanah, >> >> Yes I read it and tried replace "by * read" by "by * auth" and "by * >> none" but then nobody could access it. Like I said, I am new on this, any >> support other than google it, I would appreciate it. > > olcAccess: {0}to attrs=userPassword by self write by anonymous auth by * > none Is there any security implication if one uses ".. by self write by * auth" instead? > olcAccess: {1}to attrs=shadowLastChange by self write by * read > olcAccess: {2}to dn.subtree="dc=nocinbox,dc=inc" by > set="[cn=sec‑admin,ou=groups,dc=nocinbox,dc=inc]/memberUid & user/uid" > write by * read > > > > The only thing that requires anonymous auth access is the userPassword > attribute. However, other permissions may be necessary depending on the > operations. It's important as well to understand the section on the pseudo > attribute "entry too. > > ‑‑Quanah
