24 Dec
2012
24 Dec
'12
4:21 a.m.
Arthur de Jong wrote:
You should probably grant the user the right permissions to update the userPassword and shadowLastChange attributes.
Yes, the user should have write-only access to userPassword.
But if the user has write access to 'shadowLastChange' he could circumvent the shadowAccount-based password policy. So this is bad advice.
Ciao, Michael.