Re: A little more on openLDAP

---

• From: Josh Miller <joshua@xxxxxxxxxxxxxxxxx>
• Date: Fri, 15 Feb 2008 14:12:30 -0800

---

Josh Miller wrote:

m.roth2006@xxxxxxx wrote:

Try this instead:

access to attrs=userPassword
by self write
by anonymous auth
by * none

access to * # all attributes except entries listed above
by * read # anybody can read it
by anonymous auth

Also, shadowLastChange is an internal attribute and should NOT appear in your ACL.

HTH,
Josh, RHCE

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

---

• References:
  • A little more on openLDAP
    • From: m.roth2006
  • Re: A little more on openLDAP
    • From: Josh Miller

• Prev by Date: Re: A little more on openLDAP
• Next by Date: Re: How to install Mailman on RHEL 4
• Previous by thread: Re: A little more on openLDAP
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Still fighting openldap ... ACL: ... thinking that it had to have anon authority to read, in order to find the user/password, but that only changes the error to invalid credentials ... (RedHat) Still fighting openldap ... ACL: ... (Still 2.3.39, RHEL 4) ... (RedHat)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• Mailing-Lists
• Newsgroups
• About
• Privacy
• Search
• Imprint

linux.derkeiler.com  > Mailing-Lists  > RedHat  > 2008-02