Do not allow self to write password and keys - they need to be changed via the mail...

diff --git a/userdir-ldap-slapd.conf.in b/userdir-ldap-slapd.conf.in
index 9cfda02..6b70173 100644 (file)
--- a/userdir-ldap-slapd.conf.in
+++ b/userdir-ldap-slapd.conf.in
@@ -29,7 +29,7 @@ lastmod on
 access to attrs=userPassword,sshrsaauthkey
        by group="cn=LDAP Administrator,ou=users,@@DN@@" write
        by dn="uid=sshdist,ou=users,@@DN@@"  write
-       by self write
+       by self read
        by * compare
 
 # debian readable