blob: 1d78c6a2cc4103abf09b370ff599a50c8d05e1cd (
plain)
- # The userPassword by default can be changed
- # by the entry owning it if they are authenticated.
- # Others should not be able to see it, except the
- # admin entry below
- access to dn.subtree="ou=SAM,@SUFFIX@" attrs=userpassword,shadowLastChange
- by dn.exact="@ADMIN@" write
- by group="cn=SAM,ou=Administrators,ou=Access Control,@SUFFIX@" write
- by anonymous auth
- by self write
- by * none
|
