[Mageia-sysadm] [877] Change ACL for non-privileged users to not work on reset model, instead allow
root at mageia.org
Sat Jan 22 10:48:10 CET 2011
Revision: 877
Author: buchan
Date: 2011-01-22 10:48:10 +0100 (Sat, 22 Jan 2011)
Log Message:
-----------
Change ACL for non-privileged users to not work on reset model, instead allow
registrars to change unprivileged passwords directly
Modified Paths:
--------------
puppet/modules/openldap/templates/mandriva-dit-access.conf
Modified: puppet/modules/openldap/templates/mandriva-dit-access.conf
===================================================================
--- puppet/modules/openldap/templates/mandriva-dit-access.conf 2011-01-21 14:53:38 UTC (rev 876)
+++ puppet/modules/openldap/templates/mandriva-dit-access.conf 2011-01-22 09:48:10 UTC (rev 877)
@@ -22,8 +22,8 @@
# Allow account registration to write userPassword of unprivileged users accounts
access to dn.subtree="ou=People,<%= dc_suffix %>"
filter="(&(objectclass=inetOrgPerson)(!(objectclass=posixAccount)))"
- attrs=userPassword,pwdReset
- by group/groupOfNames/member.exact="cn=registrars,ou=system groups,<%= dc_suffix %>" +a
+ attrs=userPassword
+ by group/groupOfNames/member.exact="cn=registrars,ou=system groups,<%= dc_suffix %>" +w
by * +0 break
# shadowLastChange is here because it needs to be writable by the user because
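
Review bot: The `+w` on the registrars `by` clause grants both add and delete of `userPassword` values, where `+a` granted add only, so any member of `cn=registrars` can now replace the existing password of every `inetOrgPerson` entry under `ou=People` that lacks `posixAccount`. With `pwdReset` dropped from `attrs`, this rule also no longer lets a registrar flag the account for a forced change, so a password set this way stays known to the registrar until the user changes it. Suggest extending the comment above the rule to state that registrars are trusted with direct password replacement for these accounts, and confirming that `(!(objectclass=posixAccount))` is the intended boundary, since an entry that later gains `posixAccount` leaves this rule but keeps whatever password a registrar last set.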