access to attr=userPassword by group="cn=admin,base_dn" write by group="cn=maintainer,base_dn" write by self write by anonymous auth by * none stop
To my surprise the admin and maintainer users are able to _read_ the
userPassword attribute. I expect that users are able to authenticate and to
set the password but nobody is allowed to read the password.
Description: S/MIME cryptographic signature