On 6/21/19 3:52 PM, Quanah Gibson-Mount wrote: > Generally, if you want to restrict access to pwdHistory, you would do > something like: > > access to attrs=pwdHistory by self write by *none
Making pwdHistory writeable by user him/herself is almost a security issue. User would additionally need manage privilege to really remove the attribute but still the above ACL is not good practice. Ciao, Michael.
