
keeping userPassword as protected as possible



I'm using OpenLDAP (2.0.18 if that matters) and I want each user to be
able to change her/his own password, and for now I want all other
attributes to be visible by everyone.

The following seems to work, but I have the feeling that there may be a
more efficient (or perhaps more secure?) way to accomplish the same
thing. 


<part of slapd.conf>

access to attr=userPassword
      by self write
      by anonymous auth
      by dn="cn=Manager,dc=ourdomain,dc=edu" write
      by * compare
access to *
      by self write
      by dn="cn=Manager,dc=ourdomain,dc=edu" write
      by users read
      by * read

</part of slapd.conf>



        thanx much in advance for any suggestions,
                ~c
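
An added example, not part of the original post: a simplified Python model of slapd's first-match ACL evaluation, applied to the rules quoted above, that reports the effective access each kind of requester receives. The user DNs are constructed samples, and DN matching is assumed to be an exact, case-insensitive comparison (no regex, groups, or control keywords).

```python
# Simplified model of slapd first-match ACL evaluation (assumption: exact,
# case-insensitive DN comparison; regex, groups and control keywords omitted).
LEVELS = ["none", "auth", "compare", "search", "read", "write"]
MANAGER = "cn=Manager,dc=ourdomain,dc=edu"

# The rules from the post: (attribute or "*", [(who, level), ...])
ACL = [
    ("userPassword", [("self", "write"), ("anonymous", "auth"),
                      ("dn=" + MANAGER, "write"), ("*", "compare")]),
    ("*", [("self", "write"), ("dn=" + MANAGER, "write"),
           ("users", "read"), ("*", "read")]),
]

def who_matches(who, requester, entry_dn):
    """requester is the bound DN, or None for an anonymous session."""
    if who == "*":
        return True
    if who == "anonymous":
        return requester is None
    if requester is None:
        return False            # remaining clauses need an authenticated DN
    if who == "users":
        return True
    if who == "self":
        return requester.lower() == entry_dn.lower()
    if who.startswith("dn="):
        return requester.lower() == who[3:].lower()
    raise ValueError(f"unsupported who clause: {who}")

def granted(requester, entry_dn, attr, acl=ACL):
    """Access level from the first matching directive and 'by' clause."""
    for what, clauses in acl:
        if what != "*" and what.lower() != attr.lower():
            continue
        for who, level in clauses:
            if who_matches(who, requester, entry_dn):
                return level
        return "none"           # implicit "by * none" closes each directive
    return "none"               # implicit final "access to * by * none"

def allows(requester, entry_dn, attr, needed):
    return LEVELS.index(granted(requester, entry_dn, attr)) >= LEVELS.index(needed)

if __name__ == "__main__":
    alice = "uid=alice,dc=ourdomain,dc=edu"   # constructed sample DNs
    bob = "uid=bob,dc=ourdomain,dc=edu"
    for who in (alice, bob, MANAGER, None):
        print(who, granted(who, alice, "userPassword"), granted(who, alice, "mail"))
```

In this model every bound user other than the entry's owner ends up with `compare` on userPassword, and the `by users read` and `by * read` clauses produce the same result for all requesters.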