Allow the user to write their password but deny anyone else access
access to dn=".*, o=BT plc, c=gb"
attr=userPassword
by self write
by * none
Allow the user to update some attributes and anyone from BT to read them,
deny anyone else access
access to dn=".*, o=BT plc, c=gb"
attr=contact,Aaddr,Atel,Afax,Amobile,Aemail,Ahomepage,Aworkstation
by self write
by domain=.*\.bt\.co\.uk read
by * none
Allow anyone from bt to update this attribute
access to dn=".*, o=BT plc, c=gb"
attr=currLoc,
by domain=.*\.bt\.co\.uk write
by * none
When I fire up slapd and run ldapsearch without any authentication then all
user passwords are printed out on my screen. If I add
defaultaccess none
to the config file then only the rootdn can access entries, i.e. other users
cannot access even if their dn and password is specified. Is there something
elementary I have missed?
Cheers,
Ed Oskiewicz
--- B54/76, BT Labs, Martlesham Heath, Ipswich, Suffolk, UK, IP5 7RE oskiewicz_e_p@bt-web.bt.co.uk, eoskiewi@jungle.bt.co.uk Tel +44 1473 640896, Fax +44 1473 640929