Re: ldap, access control and kerberos authentication

Mark Bixby (
Tue, 2 Apr 1996 14:12:15 -0800 (PST)

Art Mulder writes:
> I'd like to hear from anyone who has made use of access control in
> letting users update their entries. Can you provide me with some
> slapd.conf examples?

I'm not using Kerberos, but this is how I allow my users to update any
attribute in their own entry. The userPassword attribute is only visible
if you're authenticated as the entry (the "$^" hack is to catch anonymous
users, which for some reason don't match the preceeding simple *).

defaultaccess read

access to attrs=userPassword
by self write
by * none
by dn="^$" none

access to *
by self write

If you wanted some read-only attributes, just insert the following before the
"access to *":

access to attrs=read-only-attrs
by * read

Mark Bixby                      E-mail:
Coast Community College Dist.   Web:
District Information Services   1370 Adams Ave., Costa Mesa, CA, USA 92626-5429
Technical Support               +1 714 432-5865 x7064
"You can tune a file system, but you can't tune a fish." - tunefs(1M)