Hi, I need some help with the Access Control Lists in my slapd.conf file. I need to allow myself to update a user's password for when they forget their password. With no ACLs in place I can do this using an ldapmodify command that authenticates as "cn=Manager,dc=example,dc=com". I normally have the following in my ACLs:

access to attrs=userPassword
    by self write
    by anonymous auth
    by * none
access to *
    by * read

What do I need to do to change this to allow the manager to change the userPassword attribute?

Thanks,
Martin Benson
Hi Martin,
Martin Benson wrote:
Hi, I need some help with the Access Control Lists in my slapd.conf file. I need to allow myself to update a user’s password for when they forget their password. With no ACLs in place I can do this using an ldapmodify command that authenticates as “cn=Manager,dc=example,dc=com”. I normally have the following in my ACLs:

access to attrs=userPassword
    by self write
    by anonymous auth
    by * none
access to *
    by * read

What do I need to do to change this to allow the manager to change the userPassword attribute?
If your "cn=Manager,dc=example,dc=com" user is the rootdn of your database, you should be able to modify any attributes using this account, whatever your ACLs.
Otherwise, or if you want to allow this explicitly, you could add this line after "by self write":

    by dn.exact="cn=Manager,dc=example,dc=com" write
Regards,
openldap-technical@openldap.org
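
Added example (not part of the original thread and not OpenLDAP code): a simplified Python model of how slapd picks the first matching "access to" directive and then the first matching "by" clause, showing why the new clause has to sit before "by * none". The entry DN uid=jdoe,ou=People,dc=example,dc=com, the function names and the plain string comparison of DNs are assumptions made for illustration.

```python
# Simplified model of slapd ACL evaluation (added example, not OpenLDAP code).
# Assumptions: DNs are compared as plain strings, and only the <who> forms
# used in this thread (self, anonymous, *, dn.exact=) are modelled.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]
MANAGER = "cn=Manager,dc=example,dc=com"
USER = "uid=jdoe,ou=People,dc=example,dc=com"  # constructed sample entry

def who_matches(who, bound_dn, entry_dn):
    if who == "*":
        return True
    if who == "anonymous":
        return bound_dn is None
    if who == "self":
        return bound_dn is not None and bound_dn == entry_dn
    if who.startswith("dn.exact="):
        return bound_dn == who[len("dn.exact="):]
    return False

def granted(acl, bound_dn, entry_dn, attr, rootdn=None):
    """Return the access level slapd would grant under this model."""
    if rootdn is not None and bound_dn == rootdn:
        return "manage"  # rootdn is never restricted by ACLs
    for attrs, by_clauses in acl:
        if attrs is not None and attr not in attrs:
            continue  # this "access to" does not cover the attribute
        for who, level in by_clauses:
            if who_matches(who, bound_dn, entry_dn):
                return level  # first matching "by" wins (default: stop)
        return "none"  # no "by" matched: implicit "by * none"
    return "none"  # no "access to" matched: implicit deny

def allows(acl, bound_dn, entry_dn, attr, wanted, rootdn=None):
    have = granted(acl, bound_dn, entry_dn, attr, rootdn)
    return LEVELS.index(have) >= LEVELS.index(wanted)

CATCH_ALL = (None, [("*", "read")])
ORIGINAL = [({"userPassword"}, [("self", "write"), ("anonymous", "auth"), ("*", "none")]), CATCH_ALL]
FIXED = [({"userPassword"}, [("self", "write"), ("dn.exact=" + MANAGER, "write"),
                             ("anonymous", "auth"), ("*", "none")]), CATCH_ALL]
# Same clause placed after "by * none": never reached.
MISPLACED = [({"userPassword"}, [("self", "write"), ("anonymous", "auth"), ("*", "none"),
                                 ("dn.exact=" + MANAGER, "write")]), CATCH_ALL]

if __name__ == "__main__":
    for name, acl in [("original", ORIGINAL), ("fixed", FIXED), ("misplaced", MISPLACED)]:
        print(name, granted(acl, MANAGER, USER, "userPassword"))
```

In this model the Manager gets "none" on userPassword under the original and misplaced rule sets and "write" under the fixed one, unless it is the rootdn, in which case the ACLs are not consulted.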