Re: configure OpenLDAP to allow directory users - change password

[Buchan Milne <bgmilne@staff.telkomsa.net>]

On Thursday 13 September 2007 22:54:45 Gavin Henry wrote:
> <quote who="Anne Moore">
>
> > HI Gavin
> >
> > The clients we use are Red Hat ES 4.0 systems (40 of them).
> >
> > Any ideas on how to allow my users to change their own passwords?
>
> ldappasswd?

Or, if you've set pam up correctly, passwd.

> > Thank you for the help!
> >
> > Anne
> >
> > Gavin Henry <ghenry@suretecsystems.com> wrote:
> >> Hi All
> >>
> >> Does anyone know how to configure OpenLDAP to allow directory users to
> >> change their own passwords?
> >
> > You don't mention anything about the clients you are using or your ACLs

The default ACLs shipped in most default slapd.conf files usually has 
something like this, which would be sufficient:

access to attrs=userPassword
	by self write
	by * auth


> >> I've using Openldap-2.2.13-7.4E (on my RedHat server)
> >
> > See the our recommendations of using Red Hat OpenLDAP software in the
> > archives.

2.2 is deprecated. 2.3 is current, and has some features (for example password 
policy enforcement) that you may desire/require.

Packages are available that install cleanly in parallel, such as mine:

http://staff.telkomsa.net/packages/rhel4/openldap/