Hello Martin,
The rootdn can always change everything everywhere. So, I guess you should use the root dn to do that. Your ACL simply says that only the user himself/herself can change the password.
Best regards,
Claus
________________________________
From: openldap-technical-bounces+claus.kick=siemens.com@OpenLDAP.org [mailto:openldap-technical-bounces+claus.kick=siemens.com@OpenLDAP.org] On Behalf Of Martin Benson
Sent: Sunday, 18 May 2008 20:17
To: openldap-technical@openldap.org
Subject: Help with ACL's for userPassword updates
Hi,
I need some help with the Access Control Lists in my slapd.conf file. I need to allow myself to update a user's password for when they forget their password. With no ACL's in place I can do this using an ldapmodify command that authenticates as "cn=Manager,dc=example,dc=com". I normally have the following in my ACL's:
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none
access to *
    by * read
What do I need to do to change this to allow the manager to change the userPassword attribute?
Thanks,
Martin Benson
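Added example, not part of the original thread and not OpenLDAP code: a simplified Python model of how slapd evaluates the ACL quoted above (rootdn bypasses ACLs, the first matching "access to" clause and the first matching "by" clause win, and an implicit "by * none" ends each clause). The alice and helpdesk DNs are constructed, and the delegated ACL using dn.exact goes beyond the thread to show how a non-root administrator could be granted the same right.

```python
# Simplified model of slapd ACL evaluation; DNs other than the rootdn are constructed.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write"]
ROOTDN = "cn=Manager,dc=example,dc=com"           # rootdn named in the thread
USER = "uid=alice,ou=people,dc=example,dc=com"    # constructed sample entry
HELPDESK = "cn=helpdesk,dc=example,dc=com"        # hypothetical non-root admin

# The ACL from the question: (target attribute or "*", ordered by-clauses).
ACL = [
    ("userPassword", [("self", "write"), ("anonymous", "auth"), ("*", "none")]),
    ("*", [("*", "read")]),
]
# Assumption beyond the thread: delegate password resets to a non-root DN.
DELEGATED_ACL = [
    ("userPassword", [("self", "write"),
                      ("dn.exact=" + HELPDESK, "write"),
                      ("anonymous", "auth"), ("*", "none")]),
    ("*", [("*", "read")]),
]

def who_matches(who, bind_dn, entry_dn):
    """True if a by-clause subject applies to this bind (None = anonymous)."""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if bind_dn is None:
        return False
    if who == "self":
        return bind_dn.lower() == entry_dn.lower()
    if who.startswith("dn.exact="):
        return bind_dn.lower() == who[len("dn.exact="):].lower()
    return False

def granted_level(acl, bind_dn, entry_dn, attr, rootdn=ROOTDN):
    """Access level the model grants bind_dn on entry_dn's attribute."""
    if bind_dn is not None and bind_dn.lower() == rootdn.lower():
        return "write"  # rootdn is not subject to ACLs (modelled as write)
    for what, by_clauses in acl:
        if what != "*" and what.lower() != attr.lower():
            continue
        for who, level in by_clauses:   # first matching "by" wins
            if who_matches(who, bind_dn, entry_dn):
                return level
        return "none"                   # implicit trailing "by * none"
    return "none"                       # no clause matched the target

def can_write(acl, bind_dn, entry_dn, attr):
    level = granted_level(acl, bind_dn, entry_dn, attr)
    return LEVELS.index(level) >= LEVELS.index("write")
```

In the model, a bind as the rootdn can write userPassword under the original ACL, while any other administrative DN is refused until it is listed ahead of the "by * none" clause.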