LDAP authentication error
Craig White
craigwhite at azapple.com
Wed Dec 9 16:48:25 UTC 2009
On Wed, 2009-12-09 at 08:54 -0600, Dan Burkland wrote:
> While I operate a similar network I don't require password resets (I have them choose a long and more secure password). In order for them to be able to change their password you would have to allow them write permission to their own userPassword attributes by putting something like the following in your slapd.conf file:
>
> Access to dn.children="ou=People,dc=domain,dc=com" attrs=userPassword
> By self write
>
> I do not know if the built in password management tools support LDAP but if they do the above will allows those changes to be made.
>
----
if everything is set up correctly with nsswitch.conf, an LDAP user
should be able to change his/her password like user in /etc/passwd.
but yes, if the 'user' does not have ACL permissions to write their own
password, similar to the method you indicated above, that would cause a
problem.
Lastly, you probably enabled ppolicy when you set up LDAP - not a bad
idea but I would expect that is why it is asking for the users to change
passwords...you might want to review the policies that are set up in
LDAP.
Craig
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the fedora-list
mailing list