What are the user attributes that A manager should be granted with read&write
permissions to reset passwords for subordinate employees? The typical
implementation case: managers need to take care of password reset requests for
their subordinate employees.
I select 'userpassword' field the first time but it fails, then combine it
with other a few krb* fields but those don't help neither.
If you have the minimum field combinations to make the 'password changing'
delegation work, please feel free to post your results here. Presently I just
select ALL fields with read&right permissions to make it work, but that
definitely is a over kill and hurts privacy potentially.
Freeipa-users mailing list