From: Peter Palfrader <peter@palfrader.org>
Date: Sat, 13 Sep 2008 14:37:13 +0000 (+0200)
Subject: Do not allow self to write password and keys - they need to be changed via the mail... 
X-Git-Tag: userdir-ldap-0.3.37~13
X-Git-Url: https://git.adam-barratt.org.uk/?p=mirror%2Fuserdir-ldap.git;a=commitdiff_plain;h=0c22206af0642d8dc73c0c2622721bf69cb706bf

Do not allow self to write password and keys - they need to be changed via the mail gateway or the web interface
---

diff --git a/userdir-ldap-slapd.conf.in b/userdir-ldap-slapd.conf.in
index 9cfda02..6b70173 100644
--- a/userdir-ldap-slapd.conf.in
+++ b/userdir-ldap-slapd.conf.in
@@ -29,7 +29,7 @@ lastmod on
 access to attrs=userPassword,sshrsaauthkey
 	by group="cn=LDAP Administrator,ou=users,@@DN@@" write
 	by dn="uid=sshdist,ou=users,@@DN@@"  write
-	by self write
+	by self read
 	by * compare
 
 # debian readable