Bind user with rights to change password.
Jan Kowalsky
jankow at datenkollektiv.net
Thu Jan 15 22:01:38 CET 2015
Hi Brian,
On 12.01.2015 at 14:16, Shaw, Brian wrote:
>
>
> @ Nikolai, sorry for the delay in getting back with you.
>
> @Jan, nice examples. The only thing I would change is to add a "target"
> restriction that says what part of the tree the rule is allowed to act
> upon.
>
> aci: (target="ldap:///ou=People,dc=example,dc=com") (targetattr = "*")
> (version 3.0; acl "Owncloud Bind User"; allow
> (read,compare,search) (userdn = "ldap:///uid=owncloud-bind,ou=Special
> Users,dc=example,dc=com");)
> aci: (target="ldap:///ou=People,dc=example,dc=com") (targetattr =
> "userPassword")
> (version 3.0;acl "Owncloud Bind
> User";allow(read,search,compare,add,write,selfwrite,delete)
> (userdn ="ldap:///uid=owncloud-bind,ou=Special
> Users,dc=example,dc=com");)
>
Thanks for this suggestion. I'm an LDAP beginner and appreciate any
hints. It of course makes sense to restrict this to one tree - I just
didn't know the syntax.
Regards
Jan
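
An added example, not part of the original message or of any project's code: a small Python check that parses ACIs in the syntax quoted above and reports any that lack a `target` clause or whose target lies outside an expected subtree. The function names are assumptions made for this sketch, and `UNSCOPED` is constructed here by stripping the target clause from the first quoted ACI.

```python
import re

PATTERNS = {
    "target": re.compile(r'\(\s*target\s*=\s*"ldap:///([^"]*)"\s*\)', re.I),
    "targetattr": re.compile(r'\(\s*targetattr\s*=\s*"([^"]*)"\s*\)', re.I),
    "name": re.compile(r'acl\s+"([^"]*)"', re.I),
    "rights": re.compile(r'allow\s*\(([^)]*)\)', re.I),
    "userdn": re.compile(r'userdn\s*=\s*"ldap:///([^"]*)"', re.I),
}

def parse_aci(text):
    """Split one ACI value into its clauses; wrapped lines are joined first."""
    flat = " ".join(text.split())
    found = {k: rx.search(flat) for k, rx in PATTERNS.items()}
    aci = {k: (m.group(1) if m else None) for k, m in found.items()}
    aci["rights"] = [r.strip() for r in (aci["rights"] or "").split(",") if r.strip()]
    return aci

def is_under(dn, base):
    """True if dn equals base or lies below it (plain case-insensitive suffix match)."""
    norm = lambda s: ",".join(p.strip().lower() for p in s.split(","))
    return norm(dn) == norm(base) or norm(dn).endswith("," + norm(base))

def audit(acis, allowed_base):
    """Return (acl name, problem) for every ACI not confined to allowed_base."""
    findings = []
    for aci in map(parse_aci, acis):
        if aci["target"] is None:
            findings.append((aci["name"], "no target clause"))
        elif not is_under(aci["target"], allowed_base):
            findings.append((aci["name"], "target outside " + allowed_base))
    return findings

# The two ACIs from the message above, line-wrapped as in the mail.
PAGE_ACIS = [
    '''(target="ldap:///ou=People,dc=example,dc=com") (targetattr = "*")
    (version 3.0; acl "Owncloud Bind User"; allow
    (read,compare,search) (userdn = "ldap:///uid=owncloud-bind,ou=Special
    Users,dc=example,dc=com");)''',
    '''(target="ldap:///ou=People,dc=example,dc=com") (targetattr =
    "userPassword")
    (version 3.0;acl "Owncloud Bind
    User";allow(read,search,compare,add,write,selfwrite,delete)
    (userdn ="ldap:///uid=owncloud-bind,ou=Special
    Users,dc=example,dc=com");)''',
]
# Constructed for this example: the first ACI with its target clause removed.
UNSCOPED = PATTERNS["target"].sub("", PAGE_ACIS[0])
```

Calling `audit(PAGE_ACIS + [UNSCOPED], "ou=People,dc=example,dc=com")` flags only the constructed rule; without a target, an ACI applies to the entry that holds it and everything below that entry.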