fix: fix #104 - LDAP userPassword attribute can be read without auth

2026-06-08 20:20:04 +08:00 · 2025-10-16 15:58:43 +02:00
parent 219899adfc
commit f253158ae7
3 changed files with 40 additions and 0 deletions
--- a/config/ldap/ldif/50_acls.ldif
+++ b/config/ldap/ldif/50_acls.ldif
@@ -0,0 +1,12 @@
+# OpenCloud ldap acl file which gets applied during the first db initialisation
+dn: olcDatabase={2}mdb,cn=config
+changetype: modify
+replace: olcAccess
+olcAccess: {0}to dn.subtree="dc=opencloud,dc=eu" attrs=entry,uid,objectClass,entryUUID
+  by * read
+olcAccess: {1}to attrs=userPassword
+  by self write
+  by * auth
+olcAccess: {2}to *
+  by dn.base="uid=admin,ou=users,dc=opencloud,dc=eu" write
+  by * none