Updated sample slapd.conf

author cajus <cajus@594d385d-05f5-0310-b6e9-bd551577e9d8>

Mon, 3 Dec 2007 10:27:56 +0000 (10:27 +0000)

committer cajus <cajus@594d385d-05f5-0310-b6e9-bd551577e9d8>

Mon, 3 Dec 2007 10:27:56 +0000 (10:27 +0000)
author cajus <cajus@594d385d-05f5-0310-b6e9-bd551577e9d8>
Mon, 3 Dec 2007 10:27:56 +0000 (10:27 +0000)
committer cajus <cajus@594d385d-05f5-0310-b6e9-bd551577e9d8>
Mon, 3 Dec 2007 10:27:56 +0000 (10:27 +0000)
diff --git a/contrib/openldap/slapd.conf b/contrib/openldap/slapd.conf

index 07070d0c2fb92109410ddfc68b27b392a8746700..4c7c0cc6c71f1f742ea4ffcaa7a9ca70f3a792fb 100644 (file)
--- a/contrib/openldap/slapd.conf
+++ b/contrib/openldap/slapd.conf
@@ -124,12 +124,15 @@ access to dn.subtree=cn=Monitor
  # changed by the entry owning it if they are authenticated.
  # Others should not be able to see it, except the admin
  # entry below
-access to attrs=userPassword,sambaPwdLastSet,sambaPwdMustChange,sambaPwdCanChange,shadowMax,shadowExpire
+access to attrs=userPassword,userPKCS12,sambaPwdLastSet,sambaPwdMustChange,sambaPwdCanChange,shadowMax,shadowExpire
         by dn="cn=ldapadmin,dc=gonicus,dc=de" write
         by dn.regex="uid=[^/]+/admin\+(realm=GONICUS.LOCAL)?" write
         by anonymous auth
         by self write
         by * none 
+access to attr=shadowLastChange
+        by self write
+        by * read
  
  # Deny access to imap/fax/kerberos admin passwords stored
  # in ldap tree
author	cajus <cajus@594d385d-05f5-0310-b6e9-bd551577e9d8>
	Mon, 3 Dec 2007 10:27:56 +0000 (10:27 +0000)
committer	cajus <cajus@594d385d-05f5-0310-b6e9-bd551577e9d8>
	Mon, 3 Dec 2007 10:27:56 +0000 (10:27 +0000)