[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Hiding userPassword and other attributes from anonymous LDAPclients (such as Eudora)

On Fri, 13 Oct 2000, Rudolf Nottrott, NCEAS wrote:
> Thanks Patrick, for your examples.  
> I did a lot of experimenting yesterday and found that the following works
> for hiding the password, although I still don't really understand how:
> defaultaccess read
> access to attr=userPassword
>     by * search
> access to * by self write
> Taken as plain English, "access to attr=userPassword" suggests the opposite
> of hiding to me, but it hides the password alright.

access to attr=userpassword
    by self         write
    by *            compare

Means:  Access to user to write (implies read) and 
access for the others only compare.

German Poo Caaman~o