On 20 July 2013 10:52, William Brown <will...@firstyear.id.au> wrote:
>> For now, LDAP ACL was "turned off" - every user has manage permission,
> Each user will have permission on their own ldap object they bind to, to
> change their passwords.
> Root may not be able to bind to ldap, or roots object doesn't have the acl to
> modify the password attr on the user's object.
It is not entirely true. With ACL as above, or commonly used ACL:
to userPassword by self write by * auth
it is true, but users tend to forgot their passwords, and You don't
have to give them write permission to yserPassword attribute. Now
there need to be some other way for administrator to reset users
passwords. Command "passwd" is most common, and doesn't require admin
to remember user DN.
> What ldap server are you using? You may consider contacting thier mailing
> lists for help.
>[root@ldap ~]# cat /etc/openldap/ldap.conf |grep -ve "^#"|grep -ve "^$"
>> Configs, logs, etc are in here: http://fpaste.org/26708/
it is openldap. thanks, I will.
> Sincerely,
> William
Thanks for reply
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
