Hi,

Ok 

my rule is 
access to dn.regex="^mail=([^,]+),ou=([^,]+),jvd=([^,]+),o=hosting,dc=myhosting,dc=example$"
            attrs=userPassword
            by dn.exact="mail=$1,ou=$2,jvd=$3,o=hosting,dc=myhosting,dc=example" write
            by dn.exact,expand="mail=$1,ou=$2,jvd=$3,o=hosting,dc=myhosting,dc=example" read
            by dn="cn=Manager,dc=myhosting,dc=example" write
            by users none
            by * none

this doesn't work , users can't change their own password.

Also try this;


access to attrs=userpassword
  by self       write
  by anonymous  auth
  by dn="cn=Manager,dc=myhosting,dc=example" write
  by users none
  by *          none

 doesn't work again.

open ldap have another parameter for these things ???

??
On Tue, Dec 20, 2011 at 8:56 PM, Quanah Gibson-Mount <quanah@zimbra.com> wrote:
--On Tuesday, December 20, 2011 4:28 PM +0200 Selcuk Yazar <selcuk.yazar@gmail.com> wrote:

access to
dn.regex="(.*,ou=(.+),jvd=([^,]+),o=hosting,dc=myhosting,dc=example)"
        attrs=userPassword
        by self write
        by users write

"by users write" will allow any authenticated user to overwrite anyone's password.  I'm guessing you really do *not* want this rule.

--Quanah


--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration



--
Selçuk YAZAR
http://www.selcukyazar.blogspot.com