any help here?
thx
On Mar 14, 2011, at 11:38 AM, Luo, Frank Y.F. Mr. wrote:
I have an administrative user "uid=admin,ou=people,dc=compnay,dc=com"
and The first ACI sentence is like this
access to *
by dn="
uid=admin,ou=people,dc=compnay,dc=com" manage
... {omitted} by * break
access to .....
{omitted}
I assume that allows this admin user to manage all the attribute (*) including
changing userPassword for all users. But it turns out that I still need to set
pwdAllowUserChange to TRUE in the default pwdpolicy. But as I understand this
password policy controls users changing their own password, not an
administrator covered by above ACI. Here I copied from the man page.
pwdAllowUserChange
This attribute specifies whether users are allowed to change their own
passwords or not. If pwdAllowUserChange is set to "TRUE", or if the
attribute is not present, users will be allowed to change their own
passwords. If its value is "FALSE", users will not be allowed to
change their own passwords.
There must be some misundersanding here. Anyone can help?
Thanks
Frank
