RAT wrote: > I'm unaccustomed to the new (non-slapd.conf) way of adding ACL/ACI's. > > I'm trying exclude anonymous access to the password. We've tried > this to no affect: > > olcAccess: to dn.base="cn=users,dc=lib-mac,dc=local" by * read > olcAccess: to dn.base="cn=Subschema" by * read > olcAccess: to attrs=userPassword > by self write > by dn.exact="uid=diradmin,cn=users,dc=lib-mac,dc=local" read > by * auth > olcAccess: to dn.subtree="" > by dn.exact="uid=diradmin,cn=users,dc=lib-mac,dc=local" write > by users read > by anonymous auth
The ACL for attrs=userPassword should be the first ACL. ACLs are evaluated in order, read the man slapd.access > > Robert Threet > http://yesistilluseperl.blogspot.com/ > > ____________________________________________________________ > $65/Hr Job - 25 Openings > Part-Time job ($20-$65/hr). Requirements: Home Internet Access > http://thirdpartyoffers.netzero.net/TGL3231/4d540f18d12d722e5best03du >c -- Harry Jede Kronprinzenstraße 151 44135 Dortmund Germany Tel +49 231 522376 Email [email protected]
