Today at 8:10am, John Lewis wrote:
olcAccess: {0}to * by
dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
by * break
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by * read
olcAccess: {3}to attrs=userPassword,shadowLastChange by self write by
anonymous auth by * none
And the world can read your passwords...
Order *is* important. First match wins. At the very least you need to
put #2 as the very last rule.
--
Frank Swasey | http://www.uvm.edu/~fcs
Sr Systems Administrator | Always remember: You are UNIQUE,
University of Vermont | just like everyone else.
"I am not young enough to know everything." - Oscar Wilde (1854-1900)