[Da-tools-commits] ./debian/userdir-ldap r451: *password needs to be writeable by self, because the web interface uses the user's own credentials to update stuff - which is a good thing, really
Peter Palfrader
peter at palfrader.org
Sat Sep 13 22:37:36 UTC 2008
------------------------------------------------------------
revno: 451
committer: Peter Palfrader <peter at palfrader.org>
branch nick: userdir-ldap
timestamp: Sun 2008-09-14 00:37:36 +0200
message:
*password needs to be writeable by self, because the web interface uses the user's own credentials to update stuff - which is a good thing, really
modified:
userdir-ldap-slapd.conf.in
-------------- next part --------------
=== modified file 'userdir-ldap-slapd.conf.in'
--- a/userdir-ldap-slapd.conf.in 2008-09-13 14:37:21 +0000
+++ b/userdir-ldap-slapd.conf.in 2008-09-13 22:37:36 +0000
@@ -26,7 +26,13 @@
lastmod on
# owner writeable
-access to attrs=userPassword,sudoPassword,sshrsaauthkey
+access to attrs=userPassword,sudoPassword
+ by group="cn=LDAP Administrator,ou=users,@@DN@@" write
+ by dn="uid=sshdist,ou=users,@@DN@@" write
+ by self write
+ by * compare
+
+access to attrs=sshrsaauthkey
by group="cn=LDAP Administrator,ou=users,@@DN@@" write
by dn="uid=sshdist,ou=users,@@DN@@" write
by self read
More information about the Da-tools-commits
mailing list