From 9a2908fd564365955a62dda2d5e49b0b78256209 Mon Sep 17 00:00:00 2001 From: Roland Gruber Date: Tue, 12 Feb 2013 17:27:08 +0000 Subject: [PATCH] self service --- lam/docs/manual-sources/howto.xml | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/lam/docs/manual-sources/howto.xml b/lam/docs/manual-sources/howto.xml index a720f4c4..2c67b992 100644 --- a/lam/docs/manual-sources/howto.xml +++ b/lam/docs/manual-sources/howto.xml @@ -1170,6 +1170,8 @@ Have fun! membership check can be done with either HTTP authentication or LDAP overlays like "memberOf" + or "Dynamic lists". Dynamic lists allow to insert virtual attributes to your user entries. These can then be used for the LDAP filter (e.g. @@ -4642,13 +4644,27 @@ Run slapindex to rebuild the index. the LDAP database. Before your users may change their settings you must allow them to change their LDAP data. - This can be done by adding an ACL to your slapd.conf which looks - like this: + This can be done by adding ACLs to your slapd.conf or + slapd.d/cn=config/olcDatabase={1}bdb.ldif which look similar to + these: + + access to + + attrs=userPassword + + by self write + + by anonymous auth + + by * none + + + access to - attrs=mail,sn,givenName,telephoneNumber,mobile,facsimileTelephoneNumber,street,postalAddress,postOfficeBox,postalCode,roomNumber,userPassword,shadowLastChange + attrs=mail,sn,givenName,telephoneNumber,mobile,facsimileTelephoneNumber,street,postalAddress,postOfficeBox,postalCode,roomNumber,shadowLastChange by self write