On 13/04/2020 at 19:34, Hannah Chenh wrote:
> Hello,
> I have a question related to rootdn and password policy.
> I understand that the rootdn can bypass all restrictions.
> We have a requirement to bypass a password policy for the admin user.
> Is there a way to create the admin user so that this user can have the same
> privilege as rootdn and I don't need to bind as rootdn in my application?
> Currently I have granted the following to the admin_user:
> ===
> dn: olcDatabase={2}hdb,cn=config
> changetype: modify
> add: olcAccess
> olcAccess: {0}to attrs=userPassword
>   by self write
>   by anonymous auth
>   by dn.base="cn=Manager,dc=abcdomain,dc=com" write
>   by dn.base="uid=admin_user,ou=Service Accounts,dc=abcdomain,dc=com" write
>   by * none
> olcAccess: {1}to *
>   by self write
>   by dn.base="cn=Manager,dc=abcdomain,dc=com" write
>   by dn.base="uid=admin_user,ou=Service Accounts,dc=abcdomain,dc=com" write
>   by * read
>
> ===
> Any help would be appreciated.
I have done some tests today; I did not find a solution.
I tried to give the "manage" right to a service account, and then use
the relax or ManageDSAIT controls to force the change of a password
which is too short; it is always rejected. The modification is only
accepted if it is done by rootdn.
--
Clément Oudot | Identity Solutions Manager
Worteks | https://www.worteks.com
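
An added example, not part of either message above: a Python sketch that unfolds the LDIF from the question and lists which identities the first matching access rule allows to write `userPassword`, which is the set worth reviewing when a service account is granted password write access. The function names and the simplified ACL grammar are assumptions of this example.

```python
import shlex

# The ACL from the question, as folded LDIF (a leading space continues the line).
LDIF = """\
dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to attrs=userPassword
  by self write
  by anonymous auth
  by dn.base="cn=Manager,dc=abcdomain,dc=com" write
  by dn.base="uid=admin_user,ou=Service Accounts,dc=abcdomain,dc=com" write
  by * none
olcAccess: {1}to *
  by self write
  by dn.base="cn=Manager,dc=abcdomain,dc=com" write
  by dn.base="uid=admin_user,ou=Service Accounts,dc=abcdomain,dc=com" write
  by * read
"""
# Access levels in increasing order (slapd.access(5)).
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

def unfold(ldif):
    """Join LDIF continuation lines: a line starting with a space extends the previous one."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def parse_acl(value):
    """Split one olcAccess value into (what, [(who, level), ...]); quotes are dropped."""
    # Simplification: <what> and every <who> are single tokens with a plain level
    # name; "=w"/"+w" privilege syntax and stop/continue/break are not handled.
    what, *rest = shlex.split(value.split("to ", 1)[1])
    return what, [(rest[i + 1], rest[i + 2]) for i in range(0, len(rest) - 2, 3)]

def password_writers(ldif, attr="userPassword"):
    """<who> entries given write or manage by the first ACL whose <what> covers attr."""
    for line in unfold(ldif):
        if line.startswith("olcAccess:"):
            what, clauses = parse_acl(line)
            if what == "*" or attr in what.removeprefix("attrs=").split(","):
                return [w for w, lvl in clauses if LEVELS.index(lvl) >= LEVELS.index("write")]
    return []
```

Calling `password_writers(LDIF)` returns `self`, the Manager DN and the `admin_user` service account DN.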