
Re: ppolicy : managing passwords by another user than root



On Sun, Jan 31, 2010 at 12:55:33PM +0100, Smaïne Kahlouch wrote:

> I'm trying to allow a user to change the passwords of users in a
> specific subtree.

> I figured it out by playing with the ACLs but when enabling password
> policy the user uid=admin-sales can't change passwords anymore. The only
> user allowed is the admin (root user).
> 
> Is there a way to do so or is it impossible for another user than root
> to manage passwords with ppolicy enabled?

It should be possible, but as Michael says, you have not
provided enough information. You should post the full set of
ACLs and enough of the DIT so that people can understand what
you are doing. You should also post the exact commands you
use for testing, and the output from them.

You will find examples of how to delegate control to
specific users in my paper "Writing Access Control Policies
for LDAP":

	http://www.skills-1st.co.uk/papers/ldap-acls-jan-2009/

Andrew
-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
-----------------------------------------------------------------------