author | Buchan Milne <buchan@mageia.org> | 2011-01-22 09:48:10 +0000 |
---|---|---|
committer | Buchan Milne <buchan@mageia.org> | 2011-01-22 09:48:10 +0000 |
commit | cef97e124cf80021b08e7944d670ce45e04cc072 | |
tree | e1907d8adb1c7e29bbb80c6ab0c63022598120fa /modules/openldap | |
parent | 4cce1bcb171e39357e5db9472aa7a29ddd5fec31 | |
Change ACL for non-privileged users to not work on reset model, instead allow
registrars to change unprivileged passwords directly
Diffstat (limited to 'modules/openldap')
-rw-r--r-- | modules/openldap/templates/mandriva-dit-access.conf | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/modules/openldap/templates/mandriva-dit-access.conf b/modules/openldap/templates/mandriva-dit-access.conf index aac4d32e..d6a8a49c 100644 --- a/modules/openldap/templates/mandriva-dit-access.conf +++ b/modules/openldap/templates/mandriva-dit-access.conf @@ -22,8 +22,8 @@ access to dn.subtree="<%= dc_suffix %>" # Allow account registration to write userPassword of unprivileged users accounts access to dn.subtree="ou=People,<%= dc_suffix %>" filter="(&(objectclass=inetOrgPerson)(!(objectclass=posixAccount)))" - attrs=userPassword,pwdReset - by group/groupOfNames/member.exact="cn=registrars,ou=system groups,<%= dc_suffix %>" +a + attrs=userPassword + by group/groupOfNames/member.exact="cn=registrars,ou=system groups,<%= dc_suffix %>" +w by * +0 break # shadowLastChange is here because it needs to be writable by the user because |
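Review bot: the `+w` on the `by group/groupOfNames/member.exact="cn=registrars,ou=system groups,<%= dc_suffix %>"` line grants registrars full write (add and delete) on `userPassword`, where the old `+a` granted add only, so the `(!(objectclass=posixAccount))` filter is now the sole boundary between accounts a registrar can overwrite and accounts it cannot. Please extend the comment above the clause to state that any account which must be protected from registrar password changes has to carry `posixAccount`, so nobody later creates a privileged `inetOrgPerson`-only entry under `ou=People` without noticing. Separately, with `pwdReset` dropped from `attrs=`, this clause no longer lets registrars set that attribute at all; if a registrar-set password is meant to stay valid without a forced change, which is how the commit message reads, say so in the comment too.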