[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: LDAP authentication error



On Wed, 2009-12-09 at 08:54 -0600, Dan Burkland wrote:
> While I operate a similar network I don't require password resets (I have them choose a long and more secure password). In order for them to be able to change their password you would have to allow them write permission to their own userPassword attributes by putting something like the following in your slapd.conf file:
> 
> Access to dn.children="ou=People,dc=domain,dc=com" attrs=userPassword
> 	By self write
> 
> I do not know if the built in password management tools support LDAP but if they do the above will allows those changes to be made.
> 
----
if everything is set up correctly with nsswitch.conf, an LDAP user
should be able to change his/her password like user in /etc/passwd.

but yes, if the 'user' does not have ACL permissions to write their own
password, similar to the method you indicated above, that would cause a
problem.

Lastly, you probably enabled ppolicy when you set up LDAP - not a bad
idea but I would expect that is why it is asking for the users to change
passwords...you might want to review the policies that are set up in
LDAP.

Craig


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]