openldap, user passwords, *sorta* working

[m.roth2006 at rcn.com]

Ok, from what I found on yet another website, my ACL is now:

access to attrs=userPassword
                by self write
                by * auth

 access to *
        by * read

This works, and lets users change their passwords... EXCEPT that on the ldap server itself, where it still wants the old password. I've tried this, and a coworker's tried, and we both, as users, have the same thing happening. This was why I added that shadowLastChange, which didn't seem to help.

Any suggestions?

       mark, *extremely frustrated"