
Re: change password not possible for all users



Alexandre Garel wrote:

Jürgen Magin wrote:

Hi list

I have an issue with ACLs for the attribute userPassword.

The entry in slapd.conf is
access to attr=userPassword
       by self write
       by anonymous auth
       by dn="cn=Manager,dc=rfsystems,dc=de" write
       by * none

For a user like
   "cn=Nobody,dc=rfsystems,dc=de"
it is possible to change his password, but for a user like
   "cn=Nobody,ou=sales,dc=rfsystems,dc=de"
it is not.
I tried several entries for userPassword, but it doesn't work.
What am I doing wrong?
Any advice is appreciated.


PS: Please don't tell me to read slapd.access or something like that. I tried it before.

Is there any other ACL rule before that one? When OpenLDAP processes ACLs, it stops at the first ACL that fits.


These ACLs are before the userPassword ACL.

access to dn="cn=Manager,dc=rfsystems,dc=de"
       by * none
access to dn="cn=Gott,dc=rfsystems,dc=de" attr=userPassword
       by self write
       by * auth
access to dn.children="dc=rfsystems,dc=de" filter="objectclass=sambaSamAccount"
       by dn="cn=Administrator,ou=Users,ou=Netzwerk,dc=rfsystems,dc=de" write
       by * read



-- With kind regards

Jürgen Magin

**************************************************************
# # # OCTOGON Software Development GmbH #
# http://www.octo-soft.de #
# #
# Jürgen Magin, Einsteinstr. 11, D 68519 Viernheim #
# #
# Tel : +49 6204/738353 #
# Fax : +49 6204/914875 #
# EMail : gaston@octo-soft.de #
# #
**************************************************************
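
The first-match behaviour Alexandre describes, as an added example that is not part of the original thread: a simplified Python model of slapd's evaluation, run over the four ACLs in the order posted and in one possible reordering. Assumptions: the ou=sales entry carries objectClass sambaSamAccount (the thread does not say so), dn= is treated as an exact match, only the access levels used in the thread are modelled, and the helper names are hypothetical.

```python
# Simplified model of slapd's first-match ACL evaluation (not slapd's own code).
SUFFIX = "dc=rfsystems,dc=de"
MANAGER = "cn=Manager," + SUFFIX
ADMIN = "cn=Administrator,ou=Users,ou=Netzwerk," + SUFFIX

def what(dn=None, children=None, attr=None, objectclass=None):
    """Build the <what> test of one 'access to' clause."""
    def match(entry, a):
        e = entry["dn"].lower()
        return ((dn is None or e == dn.lower())
                and (children is None or e.endswith("," + children.lower()))
                and (attr is None or a.lower() == attr.lower())
                and (objectclass is None or objectclass in entry["objectClass"]))
    return match

def who_matches(who, requester, entry):
    if who == "*":
        return True
    if who == "anonymous":
        return requester is None
    if who == "self":
        return requester is not None and requester.lower() == entry["dn"].lower()
    return requester is not None and requester.lower() == who.lower()

def granted(rules, requester, entry, attr):
    """Access level from the first matching clause and its first matching 'by'."""
    for match, by_list in rules:
        if match(entry, attr):
            for who, level in by_list:
                if who_matches(who, requester, entry):
                    return level
            return "none"   # implicit 'by * none' ends the clause
    return "none"           # implicit 'access to * by * none'

PASSWORD_RULE = (what(attr="userPassword"),
                 [("self", "write"), ("anonymous", "auth"), (MANAGER, "write"), ("*", "none")])
EARLIER_RULES = [
    (what(dn=MANAGER), [("*", "none")]),
    (what(dn="cn=Gott," + SUFFIX, attr="userPassword"), [("self", "write"), ("*", "auth")]),
    (what(children=SUFFIX, objectclass="sambaSamAccount"), [(ADMIN, "write"), ("*", "read")]),
]
AS_POSTED = EARLIER_RULES + [PASSWORD_RULE]   # order given in the thread
REORDERED = [PASSWORD_RULE] + EARLIER_RULES   # assumption: userPassword clause moved first

# Constructed entries; the sambaSamAccount object class on the second is an assumption.
ROOT_USER = {"dn": "cn=Nobody," + SUFFIX, "objectClass": {"person"}}
SALES_USER = {"dn": "cn=Nobody,ou=sales," + SUFFIX, "objectClass": {"person", "sambaSamAccount"}}
```

Under these assumptions the sambaSamAccount clause matches the ou=sales entry first, so its `by * read` both blocks the self write and leaves userPassword readable to anonymous binds.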