On 8/27/23 19:01, Marc wrote:
> olcAccess: {2} to attrs=userPassword,shadowLastChange
>   by ssf=256 self read
>   by ssf=256 anonymous auth
>   by * none break

I think the problem is this rule. You specify 'by * none break', which
means that evaluation is not stopped if this rule does not match.
Because of that, the later rules for user 'yyyy' do match and 'yyyy' can
read the 'userPassword' attribute.

You would have to specify a separate rule for 'userPassword' without
'break', something like this:

olcAccess: {1} to attrs=userPassword
  by self read
  by anonymous auth

--
Souji Thenria
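
The fall-through described in the message above, as an added example that is not part of the original e-mail or of OpenLDAP: a simplified Python model of access-rule evaluation. The later rule granting 'yyyy' read access and both DNs are assumptions, since those rules are not shown in the message.

```python
# Simplified model of slapd access-rule evaluation; not OpenLDAP code.
# Modelled: the first matching <who> in a rule applies; "stop" (default) ends
# evaluation, "break" moves on to later rules, "continue" tries the next <who>,
# and every rule ends with an implicit "by * none".
YYYY = "uid=yyyy,dc=example,dc=com"      # constructed DN for user 'yyyy'
OTHER = "uid=alice,dc=example,dc=com"    # constructed target entry

def who_matches(who, req):
    if req["ssf"] < who.get("ssf", 0):   # ssf=<n> requires at least that strength
        return False
    subject = who["subject"]
    if subject == "*":
        return True
    if subject == "anonymous":
        return req["bind_dn"] is None
    if subject == "self":
        return req["bind_dn"] is not None and req["bind_dn"] == req["entry_dn"]
    return req["bind_dn"] == subject     # exact DN match

def evaluate(acl, req, attr):
    granted = "none"
    for attrs, by_clauses in acl:
        if attrs != "*" and attr not in attrs:
            continue                     # rule does not cover this attribute
        for who, level, control in by_clauses + [({"subject": "*"}, "none", "stop")]:
            if not who_matches(who, req):
                continue
            granted = level
            if control == "stop":
                return granted
            if control == "break":
                break                    # fall through to later rules
    return granted

MARC_RULE = (("userPassword", "shadowLastChange"), [
    ({"ssf": 256, "subject": "self"}, "read", "stop"),
    ({"ssf": 256, "subject": "anonymous"}, "auth", "stop"),
    ({"subject": "*"}, "none", "break")])
LATER_RULE = ("*", [({"subject": YYYY}, "read", "stop")])  # assumed later rule
SUGGESTED_RULE = (("userPassword",), [
    ({"subject": "self"}, "read", "stop"),
    ({"subject": "anonymous"}, "auth", "stop")])

ORIGINAL_ACL = [MARC_RULE, LATER_RULE]
FIXED_ACL = [SUGGESTED_RULE, MARC_RULE, LATER_RULE]
AS_YYYY = {"bind_dn": YYYY, "entry_dn": OTHER, "ssf": 256}

if __name__ == "__main__":
    for name, acl in (("original", ORIGINAL_ACL), ("fixed", FIXED_ACL)):
        print(name, evaluate(acl, AS_YYYY, "userPassword"))
```

In this model the suggested rule covers only 'userPassword'; 'shadowLastChange' is still evaluated by the original rule with 'break'.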