[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Help with ACL's for userPassword updates

To: Martin Benson <martin_benson1972@hotmail.com>
Subject: Re: Help with ACL's for userPassword updates
From: Jonathan Clarke <jclarke@linagora.com>
Date: Tue, 20 May 2008 14:25:44 +0200
Cc: openldap-technical@openldap.org
In-reply-to: <BLU120-DAV1210A191AD41115E0160BB8BCA0@phx.gbl>
Organization: Linagora
References: <BLU120-DAV1210A191AD41115E0160BB8BCA0@phx.gbl>
User-agent: Thunderbird 2.0.0.14 (X11/20080505)

Hi Martin,

Martin Benson a Ãcrit :
> Hi I need some help with the Access Control Lists in my slapd.conf file.
> I need to allow myself to update a userâs password for when they forget
> their password. With no ACLâs in place I can do this using a ldapmodify
> command that authenticates as âcn=Manager,dc=example,dc=comâ. I normally
> have the following in my ACLâs:
> 
> 
> access to attrs=userPassword
>         by self write
>         by anonymous auth
>         by * none
> access to * by * read
> 
> What do I need to do to change this to allow the manager to change the
> userPassword attribute.

If your "cn=Manager,dc=example,dc=com" user is the rootdn of your
database, you should be able to modify any attributes using this
account, whatever your ACLs.

Otherwise, or if you want to allow this explicitly, you could add this
line after "by self write":
	by dn.exact="cn=Manager,dc=example,dc=com" write

Regards,
-- 
Jonathan Clarke

Open Source Software Assurance (OSSA) - Groupe LINAGORA
27 rue de Berri, 75008 Paris
TÃl: 01 58 18 68 28, fax: 01 58 18 68 29
http://www.linagora.com - http://www.08000linux.com

References:
- Help with ACL's for userPassword updates
  - From: "Martin Benson" <martin_benson1972@hotmail.com>

Prev by Date: ldap automount maps loading problem
Next by Date: Re: tls issues with clients
Index(es):
- Chronological
- Thread