
Restrict access to userPassword



Hi,

I hope I'm on the right list now, but I have 2 computers with Fedora Core 3 and the accompanying OpenLDAP tools. One of them is the server and the other one is a client. I would like to set up the server so that users can use it to log in to the client but cannot see userPassword if they issue an ldapsearch.
I've tried to accomplish this by inserting the following access statements in my slapd.conf:

# rootdn can always read and write EVERYTHING!
#access to attr=userPassword
#       by dn="cn=Manager,dc=testldap,dc=com" write
#       by self write
#       by anonymous auth
#       by * compare

access to attr=loginShell,shadowLastChange
        by dn="cn=Manager,dc=testldap,dc=com" write
        by self write
        by * read

access to *
        by dn="cn=Manager,dc=testldap,dc=com" write
        by self write
        by * read

If I use this as is, the users can log in but also see userPassword. If I uncomment the first access statement, the users can't log in.
So what am I missing here?

Johan


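A small static check of the ACL ordering the post is about, added here as an example (it is not code from the original post or from OpenLDAP): it mirrors the posted slapd.conf in a constructed sample, applies slapd's rule that the first matching `access to` directive wins and then the first matching `by` clause, and reports what anonymous and authenticated clients get on userPassword with the first rule commented out versus active. The model assumes only the `*`, `anonymous`, `users` and `dn="..."` subjects; `self` is not modelled, since it only concerns a user's own entry.

```python
import re

# slapd access levels, lowest to highest; a granted level implies every lower one.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

# Constructed sample mirroring the posted slapd.conf, userPassword rule still commented out.
POSTED_CONF = """
#access to attr=userPassword
#       by dn="cn=Manager,dc=testldap,dc=com" write
#       by self write
#       by anonymous auth
#       by * compare
access to *
        by dn="cn=Manager,dc=testldap,dc=com" write
        by self write
        by * read
"""
# Same file with the userPassword rule active (leading '#' removed from those five lines).
RESTRICTED_CONF = "\n".join(l.lstrip("#") for l in POSTED_CONF.splitlines())

def parse_acls(conf):
    """Parse 'access to <what>' blocks and their 'by <who> <level>' clauses; comments ignored."""
    acls, current = [], None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if m := re.match(r"access\s+to\s+(\S+)", line):
            # New directive: attr=a,b names attributes; anything else is treated as '*'.
            what = m.group(1)
            attrs = what.split("=", 1)[1].split(",") if what.startswith("attr") else ["*"]
            current = {"attrs": attrs, "by": []}
            acls.append(current)
        elif (m := re.match(r"by\s+(\S+)\s+(\w+)", line)) and current is not None:
            current["by"].append((m.group(1), m.group(2)))
    return acls

def effective_access(acls, attr, who):
    """Level `who` ("anonymous", "users" or a bind DN) gets on `attr`: first matching 'access to'
    wins, then its first matching 'by' clause, else none. 'self' (own entry) is not modelled."""
    for acl in acls:
        if attr in acl["attrs"] or "*" in acl["attrs"]:
            for subject, level in acl["by"]:
                if subject in ("*", who, 'dn="%s"' % who) or (subject == "users" and who != "anonymous"):
                    return level
            return "none"
    return "none"

def password_exposed(acls):
    """True when an anonymous or any authenticated client can read other users' userPassword."""
    return any(LEVELS.index(effective_access(acls, "userPassword", w)) >= LEVELS.index("read")
               for w in ("anonymous", "users"))
```

With the rule commented out, userPassword falls through to `access to *` and every client gets `read`; with it active, anonymous clients get only `auth` (enough to bind) and other users get `compare`, so a client that authenticates by binding as the user still works while ldapsearch no longer returns the hash.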