[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: allow changing userPassword only through extended operations?

To: Pierangelo Masarati <ando@sys-net.it>
Subject: Re: allow changing userPassword only through extended operations?
From: Emmanuel Dreyfus <manu@netbsd.org>
Date: Mon, 27 Aug 2007 15:45:53 +0000
Cc: openldap-software@openldap.org
Content-disposition: inline
In-reply-to: <46D2F2F8.6060304@sys-net.it>
References: <1i3hnei.plq0qlvjypvrM%manu@netbsd.org> <46D2F2F8.6060304@sys-net.it>
User-agent: Mutt/1.4.2.3i

On Mon, Aug 27, 2007 at 05:51:20PM +0200, Pierangelo Masarati wrote:
> I don't think it's possible (please correct me).  A solution I see is to 
> delegate password changes to an applicative agent (like pam_ldap, I 
> think) configured to use passwd exop under an identity that has write 
> permissions on the userPassword attribute of the users.

Of course, that an ideal situation, but I'm looking for a ban on 
direct userPassword change because I have not found how to get 
the client doing the right thing (it's MacOS X's OpenDirectory)

-- 
Emmanuel Dreyfus
manu@netbsd.org

References:
- allow changing userPassword only through extended operations?
  - From: manu@netbsd.org (Emmanuel Dreyfus)
- Re: allow changing userPassword only through extended operations?
  - From: Pierangelo Masarati <ando@sys-net.it>

Prev by Date: Re: allow changing userPassword only through extended operations?
Next by Date: Re: syncrepl with ssl
Index(es):
- Chronological
- Thread