
Re: Help with ACL's for userPassword updates



Hello Martin,

The rootdn can always change everything everywhere. So, I guess you
should use the root dn to do that.
Your ACL simply says that only the user himself/herself can change the
password.

Best regards,

Claus 

________________________________

From: openldap-technical-bounces+claus.kick=siemens.com@OpenLDAP.org
[mailto:openldap-technical-bounces+claus.kick=siemens.com@OpenLDAP.org]
On behalf of Martin Benson
Sent: Sunday, May 18, 2008 20:17
To: openldap-technical@openldap.org
Subject: Help with ACL's for userPassword updates



Hi, I need some help with the Access Control Lists in my slapd.conf file.
I need to allow myself to update a user's password for when they forget
their password. With no ACL's in place I can do this using an ldapmodify
command that authenticates as "cn=Manager,dc=example,dc=com". I normally
have the following in my ACL's:

access to attrs=userPassword
        by self write
        by anonymous auth
        by * none
access to * by * read

What do I need to do to change this to allow the manager to change the
userPassword attribute?

Thanks, Martin Benson
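
The following is an added example, not part of the original thread and not OpenLDAP code: a simplified Python model of how slapd evaluates the ACL posted above (first matching "access to", first matching "by" clause, rootdn exempt from ACLs). The DNs for alice and helpdesk, and the dn.exact clause in DELEGATED_ACL, are hypothetical and only illustrate what a non-rootdn administrator would need.

```python
# Simplified model of how slapd picks an access level (added example).
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]
ROOTDN = "cn=Manager,dc=example,dc=com"  # rootdn named in the post

# The ACL from the post as (attribute or "*", [(who, level), ...]).
POSTED_ACL = [
    ("userPassword", [("self", "write"), ("anonymous", "auth"), ("*", "none")]),
    ("*", [("*", "read")]),
]

def norm(dn):
    """Crude DN normalisation: lower-case, no spaces around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def who_matches(who, bind_dn, target_dn):
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if bind_dn is None:
        return False
    if who == "users":
        return True
    if who == "self":
        return norm(bind_dn) == norm(target_dn)
    if who.startswith("dn.exact="):
        return norm(bind_dn) == norm(who[len("dn.exact="):])
    return False

def granted(acl, bind_dn, target_dn, attr):
    """Return the level this model grants bind_dn on target_dn's attr."""
    if bind_dn is not None and norm(bind_dn) == norm(ROOTDN):
        return "manage"  # rootdn is never subject to ACLs
    for what, clauses in acl:
        if what == "*" or what.lower() == attr.lower():
            for who, level in clauses:
                if who_matches(who, bind_dn, target_dn):
                    return level  # first matching "by" clause wins
            return "none"  # implicit trailing "by * none"
    return "none"  # implicit trailing "access to * by * none"

def allowed(acl, bind_dn, target_dn, attr, wanted):
    return LEVELS.index(granted(acl, bind_dn, target_dn, attr)) >= LEVELS.index(wanted)

# Constructed DNs; the helpdesk DN and its clause are hypothetical.
ALICE = "uid=alice,ou=People,dc=example,dc=com"
HELPDESK = "cn=helpdesk,dc=example,dc=com"
DELEGATED_ACL = [("userPassword", [("self", "write"), ("dn.exact=" + HELPDESK, "write"),
                                   ("anonymous", "auth"), ("*", "none")]),
                 ("*", [("*", "read")])]
```

With POSTED_ACL, only the entry's own DN and the rootdn reach write on userPassword. Any other authenticated DN falls through to "by * none" unless a clause for it is placed before that line, as in DELEGATED_ACL.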