Thanks for your help, I got it working. Actually I was using the guide I've mentioned below yesterday already.
I've then added the new group:
dn: cn=sys_allow_password_change,ou=Groups,dc=ldap,dc=example,dc=com
changetype: add
cn: sys_allow_password_change
ou: Groups
objectClass: top
objectClass: groupOfNames
description: tagGroup
member: uid=svc_pw_change,ou=Service accounts,dc=ldap,dc=example,dc=com
and altered my first file as you suggested:
dn: olcDatabase={1}mdb,cn=config
changetype: modify
delete: olcAccess
olcAccess: {0}
-
add: olcAccess
olcAccess: {0}to attrs=userPassword
  by self write
  by group.exact="cn=sys_allow_password_change,ou=Groups,dc=ldap,dc=example,dc=com" write
  by dn="cn=admin,dc=ldap,dc=example,dc=com" manage
  by anonymous auth
  by * none
Now the user is able to change everyone's password. Thanks for your help!
Quanah Gibson-Mount quanah@symas.com wrote on 17.01.2022 22:37:
--On Monday, January 17, 2022 10:30 PM +0100 cupcake@domayn.ch wrote:
But this should be resolved, as soon as I've switched everything to LDAP groups. Could you please confirm that this guide is correct for enabling the groupOfNames? https://kifarunix.com/how-to-create-openldap-member-groups/ Thank you very much!
That guide is incorrect. You haven't stated what release of OpenLDAP you're using, but I'd recommend OpenLDAP 2.5 or later. I would also try and not rely on random external documentation on how to use OpenLDAP as most of it is wrong to varying degrees.
Start with the OpenLDAP official documentation: https://www.openldap.org/
Regards, Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
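
Added example (not part of the original thread and not OpenLDAP code): a simplified Python model of how slapd walks the `by` clauses of the `olcAccess` rule posted above, first match wins, to check who ends up with which access to `userPassword`. The user DNs for alice and bob are constructed; the model assumes this is the only rule that applies and ignores the rootdn bypass and full DN normalisation.

```python
import re

# The olcAccess value from the message above, without the {0} ordering prefix.
ACL = ('to attrs=userPassword by self write '
       'by group.exact="cn=sys_allow_password_change,ou=Groups,dc=ldap,dc=example,dc=com" write '
       'by dn="cn=admin,dc=ldap,dc=example,dc=com" manage '
       'by anonymous auth by * none')

# Group membership as added by the first LDIF in the message (DNs lower-cased).
GROUPS = {
    "cn=sys_allow_password_change,ou=groups,dc=ldap,dc=example,dc=com":
        {"uid=svc_pw_change,ou=service accounts,dc=ldap,dc=example,dc=com"},
}

# Constructed sample identities (assumptions, not from the thread).
SVC = "uid=svc_pw_change,ou=Service accounts,dc=ldap,dc=example,dc=com"
ALICE = "uid=alice,ou=People,dc=ldap,dc=example,dc=com"
BOB = "uid=bob,ou=People,dc=ldap,dc=example,dc=com"

def norm(dn):
    """Simplified DN normalisation: lower-case, no spaces around commas."""
    return ",".join(p.strip() for p in dn.lower().split(",")) if dn else None

def parse_by_clauses(acl):
    """Return the ordered (who, level) pairs of one access directive."""
    return re.findall(r'\bby\s+(\S+="[^"]*"|\S+)\s+(\w+)', acl)

def effective_access(acl, requester, target):
    """Model of the default evaluation: the first matching <who> decides."""
    requester, target = norm(requester), norm(target)
    for who, level in parse_by_clauses(acl):
        kind, _, value = who.partition("=")
        value = norm(value.strip('"'))
        if (who == "*"
                or (who == "anonymous" and requester is None)
                or (who == "self" and requester is not None and requester == target)
                or (kind == "group.exact" and requester in GROUPS.get(value, ()))
                or (kind == "dn" and requester == value)):
            return level
    return "none"  # nothing matched: slapd's implicit "by * none"

if __name__ == "__main__":
    for who in (SVC, ALICE, BOB, None):
        print(who or "(anonymous)", "->", effective_access(ACL, who, ALICE))
```

Because the group clause grants `write` on every entry this rule covers, membership of `sys_allow_password_change` is effectively a password-reset privilege over all accounts in the database and should be restricted and audited accordingly.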