OpenLDAP Server: shadowLastChange should be readable for all
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
ubuntu-docs (Ubuntu) | Fix Released | Low | Connor Imes | |
Bug Description
Binary package hint: ubuntu-docs
Ubuntu Documentation > Ubuntu 9.10 > Ubuntu Server Guide > Network Authentication > OpenLDAP Server
http://
In the "Setting up ACL" section of the current draft, I believe the proposed configuration is not enough to get a satisfying setup (i.e. one that does not ask the user to change her password at each login: "You are required to change your password immediately (password aged)").
From the current doc:
olcAccess: {0}to attrs=userPassw
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=
A working conf:
olcAccess: {0}to attrs=userPassword by dn="cn=
olcAccess: {1}to attrs=shadowLas
olcAccess: {2}to dn.base="" by * read
olcAccess: {3}to * by dn="cn=
Matthieu, thanks for your report. I don't know much about OpenLDAP, but I think I see what you are doing here. I have committed this requested change to the Lucid dev branch, rev. 433. Please don't hesitate to file more bugs for any problems you find with the docs.