From: Peter Palfrader <peter@palfrader.org>
Date: Sat, 13 Sep 2008 22:37:36 +0000 (+0200)
Subject: *password needs to be writeable by self, because the web interface uses the user... 
X-Git-Tag: userdir-ldap-0.3.37~3
X-Git-Url: https://git.adam-barratt.org.uk/?p=mirror%2Fuserdir-ldap.git;a=commitdiff_plain;h=bfd6f5c83238290a5920219af7329fb85af86a0b

*password needs to be writeable by self, because the web interface uses the user's own credentials to update stuff - which is a good thing, really
---

diff --git a/userdir-ldap-slapd.conf.in b/userdir-ldap-slapd.conf.in
index cf4ecfd..554541d 100644
--- a/userdir-ldap-slapd.conf.in
+++ b/userdir-ldap-slapd.conf.in
@@ -26,7 +26,13 @@ sizelimit 10000
 lastmod on
 
 # owner writeable
-access to attrs=userPassword,sudoPassword,sshrsaauthkey
+access to attrs=userPassword,sudoPassword
+	by group="cn=LDAP Administrator,ou=users,@@DN@@" write
+	by dn="uid=sshdist,ou=users,@@DN@@"  write
+	by self write
+	by * compare
+
+access to attrs=sshrsaauthkey
 	by group="cn=LDAP Administrator,ou=users,@@DN@@" write
 	by dn="uid=sshdist,ou=users,@@DN@@"  write
 	by self read