On 20/07/2013, at 9:58 AM, Augustin Wolf <augustynw...@gmail.com> wrote:

> Hi list,
> I have a user management in LDAP, as it works fine for user (can
> login, do `passwd` to change his password, etc.)
> But, root cannot change users password otherwise as via ldapmodify. Is
> it normal behavior, or do I have some configuration errors?
> For now, LDAP ACL was "turned off" - every user has manage permission,
> I will change this as soon as root can change user password.
> SELlinux was also turned off to eliminate it's potential interference.
> Iptables was "turned off", as well.
> 
> Configs, logs, etc are in here: http://fpaste.org/26708/
> Thanks in advance,
> Augustyn
> -- 
> users mailing list
> users@lists.fedoraproject.org
> To unsubscribe or change subscription options:
> https://admin.fedoraproject.org/mailman/listinfo/users
> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
> Have a question? Ask away: http://ask.fedoraproject.org

Each user will have permission on their own ldap object they bind to, to change 
their passwords. Root may not be able to bind to ldap, or roots object doesn't 
have the acl to modify the password attr on the user's object.

What ldap server are you using? You may consider contacting thier mailing lists 
for help. They will know more abput their specific acl behaviours and besr 
practice for this style of password management. 

Sincerely,

William
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Reply via email to