On Wed, 2009-12-09 at 08:54 -0600, Dan Burkland wrote: > While I operate a similar network I don't require password resets (I have them choose a long and more secure password). In order for them to be able to change their password you would have to allow them write permission to their own userPassword attributes by putting something like the following in your slapd.conf file: > > Access to dn.children="ou=People,dc=domain,dc=com" attrs=userPassword > By self write > > I do not know if the built in password management tools support LDAP but if they do the above will allows those changes to be made. > ---- if everything is set up correctly with nsswitch.conf, an LDAP user should be able to change his/her password like user in /etc/passwd. but yes, if the 'user' does not have ACL permissions to write their own password, similar to the method you indicated above, that would cause a problem. Lastly, you probably enabled ppolicy when you set up LDAP - not a bad idea but I would expect that is why it is asking for the users to change passwords...you might want to review the policies that are set up in LDAP. Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines