
Re: Password Access Control does not work as expected

access to attr=userPassword
        by group="cn=admin,base_dn" write
        by group="cn=maintainer,base_dn" write
        by self write
        by anonymous auth
        by * none stop

To my surprise the admin and maintainer users are able to _read_ the
userPassword attribute. I expect that users are able to authenticate and to
set the password but nobody is allowed to read the password.

It's not an issue, it's just the way it works. Higher privilege levels *include* all lower levels. So "write" automatically includes "read" and "auth".


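An added example (not part of the original message or of OpenLDAP's code): a small checker that expands each `by` clause into the privilege letters defined in slapd.access(5), showing who can read `userPassword` under the ACL quoted above and under a variant that uses explicit privileges (`=w`, `=xw`). The variant ACL and the names `expand` and `readers` are assumptions; only named levels and the `=` form are handled.

```python
import re

# Privilege letters per slapd.access(5): d=disclose x=auth c=compare
# s=search r=read w=write m=manage. Named levels are cumulative.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]
LETTERS = "dxcsrwm"

def expand(access):
    """Return the privilege letters granted by one <access> token."""
    if access.startswith("="):             # explicit form: exactly these letters
        letters = set(access[1:]) - {"0"}
        if not letters <= set(LETTERS):
            raise ValueError(f"unknown privilege in {access!r}")
        return letters
    if access in LEVELS:                   # level form: this level and all below
        return set(LETTERS[:LEVELS.index(access)])
    raise ValueError(f"unsupported access token {access!r}")

BY_CLAUSE = re.compile(r"^[ \t]*by[ \t]+(\S+)[ \t]+(\S+)", re.M)

def readers(acl):
    """List the <who> of every clause that grants read ('r')."""
    return [who for who, access in BY_CLAUSE.findall(acl) if "r" in expand(access)]

# The ACL quoted in the message above.
PAGE_ACL = '''access to attr=userPassword
        by group="cn=admin,base_dn" write
        by group="cn=maintainer,base_dn" write
        by self write
        by anonymous auth
        by * none stop
'''

# Constructed variant (assumption): explicit privileges instead of levels,
# so write no longer carries read with it.
WRITE_ONLY_ACL = '''access to attr=userPassword
        by group="cn=admin,base_dn" =w
        by group="cn=maintainer,base_dn" =w
        by self =xw
        by anonymous auth
        by * none
'''

if __name__ == "__main__":
    for name, acl in (("page", PAGE_ACL), ("write-only", WRITE_ONLY_ACL)):
        print(name, "-> can read userPassword:", readers(acl) or "nobody")
```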