What ACLs should I start with?
Generally, one should start with basic ACLs such as:
access to attr=userpassword
    by self =xw
    by anonymous auth
access to *
    by self write
    by users read
The first ACL allows users to update (but not read) their passwords, allows anonymous users to authenticate against this attribute, and (implicitly) denies all access to others.

The second ACL allows users full access to their entry, allows authenticated users read access to anything, and (implicitly) denies all access to others (in this case, anonymous users).
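The following is an added example, not part of the original FAQ or of OpenLDAP itself: a simplified Python model of how slapd evaluates the two ACLs above (first matching "access to" clause, then first matching "by" clause, otherwise the implicit deny). The function names and the uid=...,dc=example,dc=com DNs are constructed for illustration, and the model covers only the x, c, s, r and w privileges with a case-insensitive DN comparison.

```python
# Simplified model of slapd ACL evaluation for the two starter ACLs (added example).
# Assumption: only privileges x(auth) c(compare) s(search) r(read) w(write) are modelled.
LEVELS = {"none": "", "auth": "x", "compare": "cx", "search": "scx",
          "read": "rscx", "write": "wrscx"}

# (what, [(who, access), ...]) in the order the clauses appear in the configuration.
ACLS = [
    ("userpassword", [("self", "=xw"), ("anonymous", "auth")]),
    ("*",            [("self", "write"), ("users", "read")]),
]

def privileges(access):
    """'=xw' sets exactly those privileges; a level name implies the lower ones."""
    return set(access[1:]) if access.startswith("=") else set(LEVELS[access])

def who_matches(who, requester_dn, entry_dn):
    if who == "*":
        return True
    if who == "anonymous":
        return requester_dn is None          # no bind DN
    if who == "users":
        return requester_dn is not None      # any authenticated identity
    if who == "self":
        return requester_dn is not None and requester_dn.lower() == entry_dn.lower()
    raise ValueError("unsupported <who>: " + who)

def effective(requester_dn, entry_dn, attr):
    """Privileges the requester gets on one attribute of one entry."""
    for what, by_clauses in ACLS:
        if what != "*" and what != attr.lower():
            continue                         # this "access to" does not apply
        for who, access in by_clauses:
            if who_matches(who, requester_dn, entry_dn):
                return privileges(access)
        return set()                         # implicit "by * none"; later ACLs are not consulted
    return set()                             # no ACL matched at all

if __name__ == "__main__":
    alice = "uid=alice,dc=example,dc=com"    # constructed sample DNs
    bob = "uid=bob,dc=example,dc=com"
    for requester in (alice, bob, None):
        for attr in ("userPassword", "cn"):
            privs = "".join(sorted(effective(requester, alice, attr))) or "none"
            print(f"{requester or 'anonymous':<32} {attr:<13} -> {privs}")
```

The row for bob on alice's userPassword shows why order matters: the first ACL matches the attribute, neither "by" clause matches bob, and evaluation ends there with no access even though the second ACL would have granted read.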

This document is: http://www.openldap.org/faq/index.cgi?file=320
© Copyright 1998-2013, OpenLDAP Foundation, info@OpenLDAP.org