index 07070d0c2fb92109410ddfc68b27b392a8746700..4c7c0cc6c71f1f742ea4ffcaa7a9ca70f3a792fb 100644 (file)
# changed by the entry owning it if they are authenticated.
# Others should not be able to see it, except the admin
# entry below
-access to attrs=userPassword,sambaPwdLastSet,sambaPwdMustChange,sambaPwdCanChange,shadowMax,shadowExpire
+access to attrs=userPassword,userPKCS12,sambaPwdLastSet,sambaPwdMustChange,sambaPwdCanChange,shadowMax,shadowExpire
by dn="cn=ldapadmin,dc=gonicus,dc=de" write
by dn.regex="uid=[^/]+/admin\+(realm=GONICUS.LOCAL)?" write
by anonymous auth
by self write
by * none
+access to attr=shadowLastChange
+ by self write
+ by * read
# Deny access to imap/fax/kerberos admin passwords stored
# in ldap tree