Hi, I appreciate the help, no amount of using search engines found me that, what does the "Allow Users to Change their Passwords" in General Settings do? ________________________________ From: Rob Crittenden via 389-users <389-users@lists.fedoraproject.org> Sent: Monday, July 7, 2025 7:03 PM To: Mark Reynolds <marey...@redhat.com>; General discussion list for the 389 Directory server project. <389-users@lists.fedoraproject.org> Cc: Van Remoortere, Arnaud <avanr...@akamai.com>; Rob Crittenden <rcrit...@redhat.com> Subject: [389-users] Re: user password change issue
!-------------------------------------------------------------------| This Message Is From an External Sender This message came from outside your organization. |-------------------------------------------------------------------! Mark Reynolds wrote: > > On 7/7/25 1:51 PM, Rob Crittenden via 389-users wrote: >> Van Remoortere, Arnaud via 389-users wrote: >>> Hi there, I've created a posixAccount with a userPassword and can login >>> using this user over SSH, the issue is that although "Allow Users to >>> Change their Passwords" is selected in General Settings, I only managed >>> to allow a user to change their own password by writing an ACI: >>> >>> (target="ldap:///cn=jack,ou=users,dc=lab";)(targetattr="userPassword")(version >>> >>> 3.0; acl "password"; allow(write) >>> userdn="ldap:///cn=jack,ou=users,dc=lab";;) >>> >>> I'm hoping to not need an ACI for each user if there's a better way? >> There is a bind type of "self" which applies to the bound user. >> Self-service basically. >> >> This is from the 389-ds docs on access control: >> >> # ldapmodify -D "cn=Directory Manager" -W -H ldap://server.example.com -x >> >> dn: ou=People,dc=example,dc=com >> changetype: modify >> delete: aci > I think you mean "add", not "delete" :-) This this a copy/paste from > the docs? If so, can you send me the link? It was PEBKAC. The docs show both how to add the new ACI and how to delete it. I flipped back and forth and copied the wrong one. https://urldefense.com/v3/__https://docs.redhat.com/en/documentation/red_hat_directory_server/12/html-single/managing_access_control/index*con_how-directory-server-handles-acis-in-a-replication-topology_assembly_managing-access-control-instructions__;Iw!!GjvTz_vk!QY4YZHQZMvzIpVaqnAnYzm7TOmi7pGPD-JmrDAzEDJkhiyXD5QMFWE0tzOdDNxQXq-YAwHFy9ly4-jIq8OmOG6Fiq_DA$ rob >> aci: (targetattr="userPassword") (version 3.0; acl "Allow users >> updating their password"; allow (write) userdn= "ldap:///self";;) >> >> rob >> -- _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://urldefense.com/v3/__https://docs.fedoraproject.org/en-US/project/code-of-conduct/__;!!GjvTz_vk!QY4YZHQZMvzIpVaqnAnYzm7TOmi7pGPD-JmrDAzEDJkhiyXD5QMFWE0tzOdDNxQXq-YAwHFy9ly4-jIq8OmOG1GrIoWV$ List Guidelines: https://urldefense.com/v3/__https://fedoraproject.org/wiki/Mailing_list_guidelines__;!!GjvTz_vk!QY4YZHQZMvzIpVaqnAnYzm7TOmi7pGPD-JmrDAzEDJkhiyXD5QMFWE0tzOdDNxQXq-YAwHFy9ly4-jIq8OmOG-wkhGTP$ List Archives: https://urldefense.com/v3/__https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org__;!!GjvTz_vk!QY4YZHQZMvzIpVaqnAnYzm7TOmi7pGPD-JmrDAzEDJkhiyXD5QMFWE0tzOdDNxQXq-YAwHFy9ly4-jIq8OmOG_LS2SZX$ Do not reply to spam, report it: https://urldefense.com/v3/__https://pagure.io/fedora-infrastructure/new_issue__;!!GjvTz_vk!QY4YZHQZMvzIpVaqnAnYzm7TOmi7pGPD-JmrDAzEDJkhiyXD5QMFWE0tzOdDNxQXq-YAwHFy9ly4-jIq8OmOG3TQ31Js$
-- _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
