[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#3573) 2.3.1alpha & ppolicy modules

To: openldap-its@OpenLDAP.org
Subject: (ITS#3573) 2.3.1alpha & ppolicy modules
From: kevin.spicer@bmrb.co.uk
Date: Thu, 3 Mar 2005 09:10:23 GMT

Full_Name: Kevin Spicer
Version: 2.3.1alpha
OS: Solaris 9
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (62.190.55.157)


When using the ppolicy module with 2.3.1 alpha it is not possible for a user to
change their own password using the ldappasswd program, they get an Insufficient
Access error.

Logs revealed that the user was not being granted permission to change the
PwdChangedTime attribute - obviously you don't want users to change this.

I applied the fix Howard previously suggested for a similar issue on an earlier
version, adding NO-USER-MODIFICATION to the pwdChangedTime, pwdGraceUseTime,
pwdExpirationWarned, pwdHistory attributes in ppolicy.c.  This has solved the
problem for me.

Prev by Date: (ITS#3574) server hangs on multiple diverse queries
Next by Date: (ITS#3575) slurpd error message could be more descriptive
Index(es):
- Chronological
- Thread