help with ACLs

I'm trying to figure out what my ACL should be in slapd.conf. What I want is that a user can change his/her password, but they won't be able to read any other user's password. Right now what I have is not restrictive enough. I've read the OpenLDAP admin guide on ACLs but it was not clear to me what I should use. What I have currently is below. What do I need to change it to to have the results I want?

access to attrs=userPassword,sambaLMPassword,sambaNTPassword
       by self write
       by anonymous auth
       by * read
       by * none

access to * by * read
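
The ACL from the post beside a tightened form, as an added example that is not part of the original post. slapd evaluates the `by` clauses of an `access to` directive in order and stops at the first one that matches, so the posted `by * read` matches every other bound user and the `by * none` after it is never reached. The DNs and the config path in the comments are constructed placeholders.

```conf
# --- Posted ACL (too permissive) ---------------------------------------
# Clauses are tried top to bottom; the first match wins.
#   self       -> write (which includes read) on the user's own entry
#   anonymous  -> auth only (enough to bind, cannot read the value)
#   *          -> read   <-- any other bound user can read the hashes
#   *          -> none   <-- unreachable, the previous clause matched
#
# access to attrs=userPassword,sambaLMPassword,sambaNTPassword
#        by self write
#        by anonymous auth
#        by * read
#        by * none

# --- Tightened ACL ------------------------------------------------------
# Dropping "by * read" lets everyone who is not the entry owner fall
# through to "none". The explicit "by * none" is kept for readability;
# slapd appends an implicit "by * none" to every access directive anyway.
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
       by self write
       by anonymous auth
       by * none

# This directive must stay above the catch-all below: access directives
# are also matched in order, and the first one whose "to" part matches
# the entry and attribute is the only one applied.
access to *
       by * read

# --- Checking the result (constructed DNs and path) ---------------------
# slapacl evaluates the ACLs offline against the config file; the answer
# for another user's password attribute should be DENIED:
#   slapacl -f /etc/openldap/slapd.conf \
#           -D "uid=alice,ou=People,dc=example,dc=com" \
#           -b "uid=bob,ou=People,dc=example,dc=com" "userPassword/read"
#
# Against the running server, a search bound as alice for bob's entry
# should return the entry without userPassword or the samba hashes:
#   ldapsearch -x -W -D "uid=alice,ou=People,dc=example,dc=com" \
#              -b "ou=People,dc=example,dc=com" "(uid=bob)" \
#              userPassword sambaNTPassword sambaLMPassword
```

The rootdn bypasses ACLs, so run both checks as an ordinary user, and restart slapd after editing slapd.conf for the change to take effect.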