From 71c7b2cf149efcc304dc837938e2865311933ef9 Mon Sep 17 00:00:00 2001
From: cajus <cajus@594d385d-05f5-0310-b6e9-bd551577e9d8>
Date: Mon, 3 Dec 2007 10:27:56 +0000
Subject: [PATCH] Updated sample slapd.conf

git-svn-id: https://oss.gonicus.de/repositories/gosa/branches/2.5@7977 594d385d-05f5-0310-b6e9-bd551577e9d8
---
 contrib/openldap/slapd.conf | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/contrib/openldap/slapd.conf b/contrib/openldap/slapd.conf
index 07070d0c2..4c7c0cc6c 100644
--- a/contrib/openldap/slapd.conf
+++ b/contrib/openldap/slapd.conf
@@ -124,12 +124,15 @@ access to dn.subtree=cn=Monitor
 # changed by the entry owning it if they are authenticated.
 # Others should not be able to see it, except the admin
 # entry below
-access to attrs=userPassword,sambaPwdLastSet,sambaPwdMustChange,sambaPwdCanChange,shadowMax,shadowExpire
+access to attrs=userPassword,userPKCS12,sambaPwdLastSet,sambaPwdMustChange,sambaPwdCanChange,shadowMax,shadowExpire
 	by dn="cn=ldapadmin,dc=gonicus,dc=de" write
 	by dn.regex="uid=[^/]+/admin\+(realm=GONICUS.LOCAL)?" write
 	by anonymous auth
 	by self write
 	by * none 
+access to attr=shadowLastChange
+        by self write
+        by * read
 
 # Deny access to imap/fax/kerberos admin passwords stored
 # in ldap tree
-- 
2.30.2