|
Hello guys, Currently I have ACL in my slapd.conf file: access to attrs=userPassword,userPKCS12 by self write by * auth access to attrs=shadowLastChange by self write by * read access to * by peername.ip=10.206.179.0%255.255.255.0 read ..... I need write privilege for my group. I made some changes: access to attrs=userPassword,userPKCS12 by group.exact="cn=LDAP_admins,ou=Roles,ou=Groups,dc=exadel,dc=com" write by self write by * auth access to attrs=shadowLastChange by group.exact="cn=LDAP_admins,ou=Roles,ou=Groups,dc=exadel,dc=com" write by self write by * read access to dn.subtree="dc=exadel,dc=com" by group.exact="cn=LDAP_admins,ou=Roles,ou=Groups,dc=exadel,dc=com" write by peername.ip=206.169.37.147 read access to * by peername.ip=10.206.179.0%255.255.255.0 read After that users from LDAP_admins group can edit all. But our Password Change System, where users can change their passwords stopping work properly because users can't login. After I delete access to dn.subtree="dc=exadel,dc=com" by group.exact="cn=LDAP_admins,ou=Roles,ou=Groups,dc=exadel,dc=com" write by peername.ip=206.169.37.147 read Password Change System start work well, but user from LDAP_admin group lose their write permissions. After that I tried a big amount of configurations options, but have the problem. Please help! -- With Best Wishes Andrei Valoshyn Exadel Inc. System Administrator avaloshyn@exadel.com CONFIDENTIALITY NOTICE: This email and files attached to it are confidential. If you are not the intended recipient you are hereby notified that using, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. If you have received this email in error please notify the sender and delete this email. |