From 71c7b2cf149efcc304dc837938e2865311933ef9 Mon Sep 17 00:00:00 2001 From: cajus Date: Mon, 3 Dec 2007 10:27:56 +0000 Subject: [PATCH] Updated sample slapd.conf git-svn-id: https://oss.gonicus.de/repositories/gosa/branches/2.5@7977 594d385d-05f5-0310-b6e9-bd551577e9d8 --- contrib/openldap/slapd.conf | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/contrib/openldap/slapd.conf b/contrib/openldap/slapd.conf index 07070d0c2..4c7c0cc6c 100644 --- a/contrib/openldap/slapd.conf +++ b/contrib/openldap/slapd.conf @@ -124,12 +124,15 @@ access to dn.subtree=cn=Monitor # changed by the entry owning it if they are authenticated. # Others should not be able to see it, except the admin # entry below -access to attrs=userPassword,sambaPwdLastSet,sambaPwdMustChange,sambaPwdCanChange,shadowMax,shadowExpire +access to attrs=userPassword,userPKCS12,sambaPwdLastSet,sambaPwdMustChange,sambaPwdCanChange,shadowMax,shadowExpire by dn="cn=ldapadmin,dc=gonicus,dc=de" write by dn.regex="uid=[^/]+/admin\+(realm=GONICUS.LOCAL)?" write by anonymous auth by self write by * none +access to attr=shadowLastChange + by self write + by * read # Deny access to imap/fax/kerberos admin passwords stored # in ldap tree -- 2.30.2