[Date Prev][Date Next]
Re: entry modify failed while trying to change user password
>>> access to *
>>> by * read
>>> access to attrs=userPassword
>>> by self write
>>> by * auth
>> This looks correct.
> Actually, I have a question about this. Since access to * by * read comes
> first, won't the second ACL never be evaluated? My understanding of
> OpenLDAP ACL's is they stop at the first matching ACL that gives any sort
> of access (unless there is a by * break in there). And besides, isn't
> this ACL particularly insecure, in that it would allow anyone to read
> anyone elses password? I would expect that these two ACL's should be
Gotcha. Sorry for the wrong indication.
SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497