Bind user with rights to change password.

Jan Kowalsky jankow at datenkollektiv.net
Thu Jan 15 22:01:38 CET 2015


Hi Brian,

On 12.01.2015 at 14:16, Shaw, Brian wrote:
>  
> 
> @ Nikolai, sorry for the delay in getting back with you. 
> 
> @Jan, nice examples. The only thing I would change is to add a "target"
> restriction that says what part of the tree the rule is allowed to act
> upon. 
> 
> aci: (target="ldap:///ou=People,dc=example,dc=com") (targetattr = "*")
>  (version 3.0; acl "Owncloud Bind User"; allow (read,compare,search)
>  (userdn = "ldap:///uid=owncloud-bind,ou=Special Users,dc=example,dc=com");)
> aci: (target="ldap:///ou=People,dc=example,dc=com") (targetattr = "userPassword")
>  (version 3.0;acl "Owncloud Bind User";allow(read,search,compare,add,write,selfwrite,delete)
>  (userdn ="ldap:///uid=owncloud-bind,ou=Special Users,dc=example,dc=com");)
> 

Thanks for this suggestion. I'm an LDAP beginner and appreciate any
hints. It of course makes sense to restrict this for one tree - I just
didn't know the syntax.

Regards
Jan
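
Added example, not part of the original messages and not code from any project: a small Python audit that parses ACI values of the form quoted above and reports allow rules with no "target" keyword, noting whether they can also modify userPassword. The sample values are constructed (the first two follow the quoted ACIs, the third is made up), and `parse_aci`, `audit`, `BIND` and the rule name "Unscoped password rule" are names chosen for this sketch.

```python
import re

# Target keywords in front of "(version 3.0; ...)", e.g. (targetattr = "*")
KEYWORD = re.compile(r'\(\s*(target|targetattr|targetfilter)\s*(!?=)\s*"([^"]*)"\s*\)', re.I)
# ACI name, allow/deny and the rights list inside the version 3.0 body
RULE = re.compile(r'acl\s+"([^"]*)"\s*;\s*(allow|deny)\s*\(([^)]*)\)', re.I)
MODIFY_RIGHTS = {"add", "write", "selfwrite", "delete", "all"}

def parse_aci(value):
    """Split one aci value into target keywords, name, type and rights."""
    head, sep, body = value.partition("(version")
    rule = RULE.search(body)
    if not sep or rule is None:
        raise ValueError("not a version 3.0 ACI: %r" % value)
    targets = {key.lower(): val for key, _op, val in KEYWORD.findall(head)}
    rights = {r.strip().lower() for r in rule.group(3).split(",")}
    return {"name": rule.group(1), "type": rule.group(2).lower(),
            "targets": targets, "rights": rights}

# Without "target" a rule covers the entry that holds the aci attribute and
# everything below it, which is what the suggestion in the thread narrows.
def audit(aci_values):
    """Return (name, can_modify_password) for allow rules lacking "target"."""
    findings = []
    for value in aci_values:
        aci = parse_aci(value)
        if aci["type"] != "allow" or "target" in aci["targets"]:
            continue
        attrs = aci["targets"].get("targetattr", "").lower()
        names = {a.strip() for a in attrs.split("||")}
        touches_pw = bool(aci["rights"] & MODIFY_RIGHTS) and bool(names & {"*", "userpassword"})
        findings.append((aci["name"], touches_pw))
    return findings

# Constructed sample values: the first two follow the ACIs quoted in the thread,
# the third is a made-up rule with the target keyword left out.
BIND = '(userdn = "ldap:///uid=owncloud-bind,ou=Special Users,dc=example,dc=com");)'
SAMPLE_ACIS = [
    '(target="ldap:///ou=People,dc=example,dc=com")(targetattr = "*")'
    '(version 3.0; acl "Owncloud Bind User"; allow (read,compare,search) ' + BIND,
    '(target="ldap:///ou=People,dc=example,dc=com")(targetattr = "userPassword")'
    '(version 3.0;acl "Owncloud Bind User";allow(read,search,compare,add,write,'
    'selfwrite,delete) ' + BIND,
    '(targetattr = "userPassword")(version 3.0; acl "Unscoped password rule"; '
    'allow (write) ' + BIND,
]

if __name__ == "__main__":
    print(audit(SAMPLE_ACIS))
```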


