From 0c22206af0642d8dc73c0c2622721bf69cb706bf Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Sat, 13 Sep 2008 16:37:13 +0200
Subject: [PATCH] Do not allow self to write password and keys - they need to
 be changed via the mail gateway or the web interface

---
 userdir-ldap-slapd.conf.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/userdir-ldap-slapd.conf.in b/userdir-ldap-slapd.conf.in
index 9cfda02..6b70173 100644
--- a/userdir-ldap-slapd.conf.in
+++ b/userdir-ldap-slapd.conf.in
@@ -29,7 +29,7 @@ lastmod on
 access to attrs=userPassword,sshrsaauthkey
 	by group="cn=LDAP Administrator,ou=users,@@DN@@" write
 	by dn="uid=sshdist,ou=users,@@DN@@"  write
-	by self write
+	by self read
 	by * compare
 
 # debian readable
-- 
2.20.1