RE: LDAP authentication error
- From: Craig White <craigwhite@xxxxxxxxxxx>
- Date: Wed, 09 Dec 2009 09:48:25 -0700
On Wed, 2009-12-09 at 08:54 -0600, Dan Burkland wrote:
While I operate a similar network I don't require password resets (I have them choose a long and more secure password). In order for them to be able to change their password you would have to allow them write permission to their own userPassword attributes by putting something like the following in your slapd.conf file:----
Access to dn.children="ou=People,dc=domain,dc=com" attrs=userPassword
By self write
I do not know if the built in password management tools support LDAP but if they do the above will allows those changes to be made.
if everything is set up correctly with nsswitch.conf, an LDAP user
should be able to change his/her password like user in /etc/passwd.
but yes, if the 'user' does not have ACL permissions to write their own
password, similar to the method you indicated above, that would cause a
problem.
Lastly, you probably enabled ppolicy when you set up LDAP - not a bad
idea but I would expect that is why it is asking for the users to change
passwords...you might want to review the policies that are set up in
LDAP.
Craig
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
- References:
- LDAP authentication error
- From: Luc MAIGNAN
- RE: LDAP authentication error
- From: Dan Burkland
- LDAP authentication error
- Prev by Date: Re: Google Chrome repo now available
- Next by Date: Re: fedora-list Digest, Vol 70, Issue 59
- Previous by thread: RE: LDAP authentication error
- Next by thread: SB driver in F12 ?
- Index(es):
Relevant Pages
|
