RE: Issue while changing user password by self

To: "Borresen, John - 0444 - MITLL" <John.Borresen@ll.mit.edu>, "openldap-technical@openldap.org" <openldap-technical@openldap.org>

Subject: RE: Issue while changing user password by self

From: Craig White <CWhite@skytouchtechnology.com>

Date: Wed, 23 Dec 2015 17:27:15 +0000

Accept-language: en-US

Authentication-results: spf=none (sender IP is ) smtp.mailfrom=CWhite@skytouchtechnology.com;

Content-language: en-US

In-reply-to: <D1ABA0029F01AE4EA344F208D704EA5327B881AC@LLE2K10-MBX01.mitll.ad.local>

References: <OFDAA9A7BE.613B5DEF-ON65257F24.00262D83-65257F24.0026D526@tcs.com> <D1ABA0029F01AE4EA344F208D704EA5327B881AC@LLE2K10-MBX01.mitll.ad.local>

Spamdiagnosticmetadata: NSPM

Spamdiagnosticoutput: 1:23

Thread-index: AQHRPaMKtVDjnbH1vUWUevs1jQfKrJ7YzzOAgAADmnA=

Thread-topic: Issue while changing user password by self

From: openldap-technical [mailto:openldap-technical-bounces@openldap.org] On Behalf Of Borresen, John - 0444 - MITLL
Sent: Wednesday, December 23, 2015 10:13 AM
To: openldap-technical@openldap.org
Subject: RE: Issue while changing user password by self

Hello,

My users are allowed to modify their own passwords. My ACL is set like this:

olcAccess: {0} to attrs=userPassword,shadowLastChange by self write by anonymous auth by dn.exact=”cn=admin,dc=group,dc=ldap” write by * none

olcAccess: {1} to * by * read

Though not the perfect configuration but it works. In yours, I don’t see the userPassword attribute.

You might want to rethink this – you are exposing users passwords to everyone

References:

Issue while changing user password by self
- From: Rajagopal Rc <rajagopal.rc@tcs.com>
RE: Issue while changing user password by self
- From: "Borresen, John - 0444 - MITLL" <John.Borresen@ll.mit.edu>