1. If you can do that I think this is a bug in ldappasswd, pwdReset used
to force user to change its password *only one time*.
3. "manage" access gives "administrative privilege", while
not allow it. "administrative privilege" allow modifying some attributes
usually can (and should) not be modified. where the "administrative"
term (e.g. entryUUID).
You may find more details about that in
Le 13/05/2015 04:06, Harmandeep Kaur a écrit :
I have a quick query, I'm using openldap with ppolicy. I'm using
following ACL just to test things right, I came across the issue, for
which I'm unable to find appropriate answers:
access to * by * manage
1. How to restrict ldappasswd command to clear the pwdReset flag to
user's entry ?
2. Can some other users (member of group) can work rootdn (bypass
ppolicy like rootdn but it should apply to their account itself) ?
3. Other question is about ACL is "What's the difference between ACL
"write" and "manage" access"
write =wrscdx needed to modify/rename
manage =mwrscdx needed to manage
I'm not able to determine what access "manage" gives over and above
I didn't find much info at openldap.org