[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: More on my password problem

Hello Ric

> My users do not/will not have access to the server. They must change
> their passwords on the clients.
> Can your users change their password on the client?

Yes. With this ACL, users can change their passwords normally with the
'passwd' unix command:

<- SNIP ->
password-hash {CRYPT}
access to attribute=userPassword
        by self write
        by dn="cn=admin,dc=my,dc=domain" write
        by dn="cn=proxyagent,ou=contasIT,dc=my,dc=domain" read
        by * compare
access to *
        by * read
<- SNIP ->

The detail is that if I don´t use "password-hash {CRYPT}" (previously I
used {MD5}), when the user changes his password, the new password is not
recognized. With {CRYPT} I didn´t have more problems. "proxyagent" is for
my SUN profile.