RE: LDAP authentication error

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 2009-12-09 at 08:54 -0600, Dan Burkland wrote:
> While I operate a similar network I don't require password resets (I have them choose a long and more secure password). In order for them to be able to change their password you would have to allow them write permission to their own userPassword attributes by putting something like the following in your slapd.conf file:
> 
> Access to dn.children="ou=People,dc=domain,dc=com" attrs=userPassword
> 	By self write
> 
> I do not know if the built in password management tools support LDAP but if they do the above will allows those changes to be made.
> 
----
if everything is set up correctly with nsswitch.conf, an LDAP user
should be able to change his/her password like user in /etc/passwd.

but yes, if the 'user' does not have ACL permissions to write their own
password, similar to the method you indicated above, that would cause a
problem.

Lastly, you probably enabled ppolicy when you set up LDAP - not a bad
idea but I would expect that is why it is asking for the users to change
passwords...you might want to review the policies that are set up in
LDAP.

Craig


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux