"Matt V." <opensolaris.org at mygaia.org> writes:

> Here, configured ACL in slapd.conf:
> access to attrs=userpassword
>         by self write
>         by * auth
> access to dn.base=""
>         by * read
> access to dn.base="cn=Subschema" by * read
> access to dn.subtree="ou=People,dc=domain,dc=com"
>         by self write
>         by dn="cn=proxyagent,ou=profile,dc=domain,dc=com" read
>         by users read
>         by anonymous auth
> access to * by self write
>         by * read

While the first rule is relevant, the last rule is bogus. The first rule says that only the authenticated user, that is a DN, has write access to its own userPassword attribute type; all others only have the right to verify a password value for authentication purposes.

From your previous posting it was obvious that an identity other than the user itself wanted to modify the userPassword attribute. This is not permitted by your rules; even root cannot overrule this, only rootdn can bypass access rules.

-Dieter

-- 
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:8EF7B6C6
53°37'09,95"N 10°08'02,42"E
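
The following is an added example, not part of the original thread: a sketch of how the quoted rule set could delegate password changes to one dedicated identity instead of relying on rootdn. The DN cn=pwadmin,ou=profile,dc=domain,dc=com and the entry uid=someuser are hypothetical; the remaining rules are repeated from the quoted configuration to show where the change sits.

```conf
# slapd evaluates "access to" directives in order. The first directive whose
# <what> matches the target applies, and inside it the first matching "by"
# clause decides. Every directive ends with an implicit "by * none".

# userPassword is matched here for every entry, so the later ou=People rule
# never decides access to this attribute.
access to attrs=userPassword
        by self write
        # Hypothetical delegated identity allowed to reset passwords.
        # Without a clause like this, only "self" (or rootdn, which bypasses
        # ACLs entirely) can write the attribute.
        by dn.exact="cn=pwadmin,ou=profile,dc=domain,dc=com" write
        by * auth

# Unchanged rules from the quoted configuration.
access to dn.base=""
        by * read
access to dn.base="cn=Subschema"
        by * read
access to dn.subtree="ou=People,dc=domain,dc=com"
        by self write
        by dn="cn=proxyagent,ou=profile,dc=domain,dc=com" read
        by users read
        by anonymous auth

# The rule set can be checked offline with slapacl before restarting slapd
# (uid=someuser is a constructed entry name):
#
#   slapacl -f slapd.conf \
#       -D "cn=pwadmin,ou=profile,dc=domain,dc=com" \
#       -b "uid=someuser,ou=People,dc=domain,dc=com" "userPassword/write"
#
# Repeating the check with the proxyagent DN as -D should report that write
# access to userPassword is denied.
```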