Re: user they can modify passwords
On Thu, 12 Jun 2008, Sven Buchstaller wrote:
> I need a user "it" that can modify the passwords for all users on my LDAP.
> atm my settings in the acl.conf are:
> Can I do it like this:
> access to dn.subtree="ou=users,dc=server1,dc=intern"
>     by self write
>     by * read
>     by * write

1. Best practice is to write "dn.exact" if that's your intention.
2. You have no <access> fields for uid=intern nor uid=it.
3. Two "by *" rules are irrelevant, only one can fire (in the absence of
any <control> fields).
4. Most most most importantly, order matters. So those last two lines are
never reached, "by * read" matches all first.

Please read the slapd.access(5) man page entirely and carefully.
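
The ordering rule from points 2 to 4, as an added example that is not part of the original message or of OpenLDAP: a small Python check that walks the `by` clauses of one `access to` directive in order and reports clauses that can never fire or that carry no <access> field. The full DN for uid=it and the REORDERED directive are assumptions constructed for illustration.

```python
import re
import shlex

CONTROLS = {"stop", "continue", "break"}
# <access> per slapd.access(5): a level (optionally self/realself) or a privilege spec
ACCESS_RE = re.compile(
    r"(real)?(self)?(none|disclose|auth|compare|search|read|write|add|delete|manage)"
    r"|[=+-][0dxcsrwazm]+")

def parse_by_clauses(directive):
    """Return [(who, access, control)] for the by clauses of one 'access to' directive."""
    clauses = []
    for tok in shlex.split(directive):
        if tok == "by":
            clauses.append([])
        elif clauses:              # tokens before the first "by" are the <what> part
            clauses[-1].append(tok)
    parsed = []
    for c in clauses:
        control = c.pop() if len(c) > 1 and c[-1] in CONTROLS else None
        access = c.pop() if len(c) > 1 and ACCESS_RE.fullmatch(c[-1]) else None
        parsed.append((" ".join(c), access, control))
    return parsed

def lint(directive):
    """Return [(clause_number, finding)] for one directive."""
    findings, shadow = [], None
    for n, (who, access, control) in enumerate(parse_by_clauses(directive), 1):
        if shadow is not None:
            findings.append((n, "unreachable"))   # an earlier "by *" already matched
            continue
        if access is None and control is None:
            findings.append((n, "no-access"))     # clause has no <access> field
        if who == "*" and control != "continue":
            shadow = n   # "by *" matches everyone; later clauses here are not evaluated
    return findings

# The directive as posted in the question.
POSTED = '''access to dn.subtree="ou=users,dc=server1,dc=intern"
    by self write
    by * read
    by * write'''

# Constructed variant: the DN for uid=it is an assumption; specific clauses come first.
REORDERED = '''access to dn.subtree="ou=users,dc=server1,dc=intern" attrs=userPassword
    by dn.exact="uid=it,ou=users,dc=server1,dc=intern" write
    by self write
    by anonymous auth
    by * none'''

if __name__ == "__main__":
    for name, acl in (("POSTED", POSTED), ("REORDERED", REORDERED)):
        print(name, lint(acl))
```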