*password needs to be writeable by self, because the web interface uses the user...
authorPeter Palfrader <peter@palfrader.org>
Sat, 13 Sep 2008 22:37:36 +0000 (00:37 +0200)
committerPeter Palfrader <peter@palfrader.org>
Sat, 13 Sep 2008 22:37:36 +0000 (00:37 +0200)
userdir-ldap-slapd.conf.in

index cf4ecfd..554541d 100644 (file)
@@ -26,7 +26,13 @@ sizelimit 10000
 lastmod on
 
 # owner writeable
-access to attrs=userPassword,sudoPassword,sshrsaauthkey
+access to attrs=userPassword,sudoPassword
+       by group="cn=LDAP Administrator,ou=users,@@DN@@" write
+       by dn="uid=sshdist,ou=users,@@DN@@"  write
+       by self write
+       by * compare
+
+access to attrs=sshrsaauthkey
        by group="cn=LDAP Administrator,ou=users,@@DN@@" write
        by dn="uid=sshdist,ou=users,@@DN@@"  write
        by self read
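Review bot: The `by * compare` clause in the new `userPassword,sudoPassword` rule gives every client, including unauthenticated ones, compare access to both password attributes. Binding only needs the `auth` level, so `by anonymous auth` followed by `by * none` would be the narrower grant, unless some consumer relies on LDAP compare against these attributes. The same rule also carries over `by dn="uid=sshdist,ou=users,@@DN@@" write`; if that account only distributes SSH keys (inferred from its name, not visible here), the clause belongs on the `sshrsaauthkey` rule alone. With `by self write` now covering `sudoPassword`, a session authenticated with the login password can presumably replace the sudo password, so a comment such as `# self write is required by the web interface; sudoPassword is therefore no stronger than userPassword` would record that trade-off. The `sshrsaauthkey` rule's `by` list may continue past the end of this hunk.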