[Date Prev][Date Next] [Chronological] [Thread] [Top]

ACL and Password Policy

To: openldap-technical@openldap.org
Subject: ACL and Password Policy
From: Aleksander DzierÅanowski <olo@e-lista.pl>
Date: Mon, 25 Nov 2013 20:15:07 +0100

Hi.

I have OpenLDAP 2.4.36 server grabbed from LTB project. Iâve noticed two issues, can anyone confirm the same behavior?

First - ACLs:
to dn.base=""
        by users read
to dn.subtree="ou=disabledaccounts,o=examples"
        by dn.base="cn=replicationmanager,o=example" read
        by * none
to attrs=userPassword,shadowLastChange
        by dn.base="cn=replicationmanager,o=example" read
        by dn.base=âcn=radiussuperuser,o=example" read
        by anonymous auth
        by self write
        by * none
[skipping few next less important rules]

Above ACL should NOT show userâs own password, right? But it shows in my environment..

Second:
PwdMinLength in password policy does not work. I can easily set shorter password. Password policy in general works, for example it does not allow me to change password earlier than âpwdMinAgeâ.

Best regards,
â
Olo

Follow-Ups:
- Re: ACL and Password Policy
  - From: Aleksander DzierÅanowski <olo@e-lista.pl>
- Re: ACL and Password Policy
  - From: Michael Proto <michael.proto@tstllc.net>

Prev by Date: Re: OpenLDAP with ppolicy and SSSD configuration question.
Next by Date: Re: ACL and Password Policy
Index(es):
- Chronological
- Thread