From 8f0a9892eb36abcd8e89b04ae4f0c23ebfd6b512 Mon Sep 17 00:00:00 2001
From: Arthur Lu
Date: Tue, 15 Oct 2024 21:23:00 +0000
Subject: [PATCH] make user attribute rules specific to people OU
---
 auth.template.ldif | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/auth.template.ldif b/auth.template.ldif
index 9eab252..562d80a 100644
--- a/auth.template.ldif
+++ b/auth.template.ldif
@@ -4,12 +4,12 @@ changetype: modify
 delete: olcAccess
 -
 add: olcAccess
-olcAccess: {0}to attrs=userPassword
+olcAccess: {0}to dn.subtree="ou=people,$BASE_DN" attrs=userPassword
 by group/groupOfNames/member="cn=admins,ou=groups,$BASE_DN" =wcdx
 by self write
 by anonymous auth
 by * none
-olcAccess: {1}to attrs=shadowLastChange,cn,sn
+olcAccess: {1}to dn.subtree="ou=people,$BASE_DN" attrs=shadowLastChange,cn,sn
 by self write
 by * read
 olcAccess: {2}to dn.subtree="$BASE_DN"
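Review bot: Scoping rules {0} and {1} to `dn.subtree="ou=people,$BASE_DN"` means `userPassword` on any entry outside that OU no longer matches {0} and falls through to rule {2} (`to dn.subtree="$BASE_DN"`), whose `by` clauses lie outside this hunk. OpenLDAP stops at the first matching `to` clause, so if {2} grants read to authenticated users or to `*`, password hashes stored on entries elsewhere in the tree would become readable. Those entries also lose `by anonymous auth`, so simple binds against them may start failing. Either confirm that no entry outside ou=people carries a `userPassword`, or keep a catch-all after {1}, for example `to attrs=userPassword by anonymous auth by * none`, and renumber the subtree rule after it.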