On Wed, 2009-12-09 at 08:54 -0600, Dan Burkland wrote: > While I operate a similar network I don't require password resets (I have > them choose a long and more secure password). In order for them to be able to > change their password you would have to allow them write permission to their > own userPassword attributes by putting something like the following in your > slapd.conf file: > > Access to dn.children="ou=People,dc=domain,dc=com" attrs=userPassword > By self write > > I do not know if the built in password management tools support LDAP but if > they do the above will allows those changes to be made. > ---- if everything is set up correctly with nsswitch.conf, an LDAP user should be able to change his/her password like user in /etc/passwd.
but yes, if the 'user' does not have ACL permissions to write their own password, similar to the method you indicated above, that would cause a problem. Lastly, you probably enabled ppolicy when you set up LDAP - not a bad idea but I would expect that is why it is asking for the users to change passwords...you might want to review the policies that are set up in LDAP. Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- fedora-list mailing list [email protected] To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
