Not sure if this belongs more on serverfault or not...
BACKGROUND:
I am using openldap, and pam/nss/ldap for authentiction on my server (webmail, etc).
My files, which work fine:
/etc/openldap/slapd.conf:
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
allow bind_v2
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd.args
loglevel 0
access to attrs=userPassword,shadowLastChange
by dn="cn=Admin,dc=MYDOMAIN,dc=com" write
by anonymous auth
by self write
by * none
access to *
by dn="cn=Admin,dc=MYDOMAIN,dc=com" write
by * read
database bdb
suffix dc=MYDOMAIN,dc=com
rootdn cn=Manager,dc=MYDOMAIN,dc=com
directory /var/lib/ldap
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
But when I change the access to:
access to *
by self write
by users read
by anonymous auth
access to attrs=userPassword
by self write
by anonymous auth
by * none
I can no longer login anymore. How can I write this so that I can still login, but that everyone in the world doesn't have read writes?