diff options
| author | Jonas Smedegaard <dr@jones.dk> | 2008-09-17 08:52:30 +0200 |
|---|---|---|
| committer | Jonas Smedegaard <dr@jones.dk> | 2008-09-17 08:52:30 +0200 |
| commit | 3bc8643d2f270fc2fcd9eace0ca4a5ef2323a26d (patch) | |
| tree | ae91f03ca8d11eeb05584cda12f3a7fb9dc5eddc /ldap/db/20_base.conf.in | |
| parent | 843483d7a6b4cda72cf35e52ab62e85998ea9962 (diff) | |
Move password access to 20 (from 50).
Diffstat (limited to 'ldap/db/20_base.conf.in')
| -rw-r--r-- | ldap/db/20_base.conf.in | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/ldap/db/20_base.conf.in b/ldap/db/20_base.conf.in new file mode 100644 index 0000000..b7cd9ae --- /dev/null +++ b/ldap/db/20_base.conf.in @@ -0,0 +1,10 @@ +# The userPassword by default can be changed +# by the entry owning it if they are authenticated. +# Others should not be able to see it, except the +# admin entry below +access to dn.subtree="ou=SAM,@SUFFIX@" attrs=userpassword,shadowLastChange + by dn.exact="@ADMIN@" write + by dn.exact=”uid=cifsdc,ou=Entities,ou=Access Control,@SUFFIX@" write + by anonymous auth + by self write + by * none |