[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#3573) 2.3.1alpha & ppolicy modules

Full_Name: Kevin Spicer
Version: 2.3.1alpha
OS: Solaris 9
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (

When using the ppolicy module with 2.3.1 alpha it is not possible for a user to
change their own password using the ldappasswd program, they get an Insufficient
Access error.

Logs revealed that the user was not being granted permission to change the
PwdChangedTime attribute - obviously you don't want users to change this.

I applied the fix Howard previously suggested for a similar issue on an earlier
version, adding NO-USER-MODIFICATION to the pwdChangedTime, pwdGraceUseTime,
pwdExpirationWarned, pwdHistory attributes in ppolicy.c.  This has solved the
problem for me.