From bfd6f5c83238290a5920219af7329fb85af86a0b Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Sun, 14 Sep 2008 00:37:36 +0200
Subject: [PATCH] *password needs to be writeable by self, because the web
 interface uses the user's own credentials to update stuff - which is a good
 thing, really

---
 userdir-ldap-slapd.conf.in | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/userdir-ldap-slapd.conf.in b/userdir-ldap-slapd.conf.in
index cf4ecfd..554541d 100644
--- a/userdir-ldap-slapd.conf.in
+++ b/userdir-ldap-slapd.conf.in
@@ -26,7 +26,13 @@ sizelimit 10000
 lastmod on
 
 # owner writeable
-access to attrs=userPassword,sudoPassword,sshrsaauthkey
+access to attrs=userPassword,sudoPassword
+	by group="cn=LDAP Administrator,ou=users,@@DN@@" write
+	by dn="uid=sshdist,ou=users,@@DN@@"  write
+	by self write
+	by * compare
+
+access to attrs=sshrsaauthkey
 	by group="cn=LDAP Administrator,ou=users,@@DN@@" write
 	by dn="uid=sshdist,ou=users,@@DN@@"  write
 	by self read
-- 
2.20.1