[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#7021) pwdAllowUserChange: FALSE disallows password change by anybody



Full_Name: 
Version: 2.4.26
OS: 
URL: 
Submission from: (NULL) (84.128.254.201)


slapo-ppolicy(5) says:

       pwdAllowUserChange

       This attribute specifies whether users are allowed to  change
       their  own passwords or not.  If pwdAllowUserChange is set to
       "TRUE", or if the attribute is not  present,  users  will  be
       allowed  to  change  their  own  passwords.   If its value is
       "FALSE", users will not be allowed to change their own  pass-
       words.

Given this text I'd expect that admins can still set the userPassword attribute.
Such a policy is often used for system/machine accounts where the machine entity
itself does not have to change the password but an admin should be allowed to do
so.

Unfortunately if (pwdAllowUserChange=FALSE) no password change is allowed at
all. slapd returns: "Insufficient access: User alteration of password is not
allowed"