While I operate a similar network I don't require password resets (I have them choose a long and more secure password). In order for them to be able to change their password you would have to allow them write permission to their own userPassword attributes by putting something like the following in your slapd.conf file: Access to dn.children="ou=People,dc=domain,dc=com" attrs=userPassword By self write I do not know if the built in password management tools support LDAP but if they do the above will allows those changes to be made. Regards, Dan -----Original Message----- From: fedora-list-bounces@xxxxxxxxxx [mailto:fedora-list-bounces@xxxxxxxxxx] On Behalf Of Luc MAIGNAN Sent: Wednesday, December 09, 2009 6:13 AM To: Community assistance, encouragement, and advice for using Fedora. Subject: LDAP authentication error Hi, I use an OpenLDAP server to permit users to log in their computers. All seem to be ok but for a while. After several days, users are required to change their passwords (I've never configured it) and they cannot do that (they are said they don't have enough rights to do this). Has anyone an idea to prevent the unsollicited change of password ? BR -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines