From 30887642f49a72a319950368542c7d1e7d4d1e74 Mon Sep 17 00:00:00 2001
From: Tollef Fog Heen <tfheen@err.no>
Date: Tue, 23 Jul 2019 21:43:42 +0200
Subject: [PATCH] Restrict access to totpSeed

---
 userdir-ldap-slapd.conf.in | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/userdir-ldap-slapd.conf.in b/userdir-ldap-slapd.conf.in
index eca64fd..be4988c 100644
--- a/userdir-ldap-slapd.conf.in
+++ b/userdir-ldap-slapd.conf.in
@@ -67,6 +67,10 @@ access to attrs=c,l,loginShell,ircNick,labeledURI,icqUIN,jabberJID,onVacation,bi
 access to attrs=userPassword,sudoPassword,webPassword,rtcPassword,bATVToken
 	by * compare
 
+# inaccessible to everybody
+access to attrs=totpSeed
+	by * none
+
 # readable only by self
 access to attrs=sshrsaauthkey
 	by self read
-- 
2.20.1