On 04/09/2015 00:11, Alex Moen wrote:
OK, I figured this out on my own... and I feel even less professional
and knowledgeable than before. Though, I have learned something, and
that's worth something.
For others who may run into this: as long as your LDAP server accepts
the extensibleObject attribute (from what I understand, most modern
LDAP servers do), there is no need to add anything to the schema: the
extensibleObject IS the attribute. So, the script will add the name
and answer of the question to the user's entry all by itself.
There is one caveat that I found (and, if I am wrong, or there is an
option I am not aware of, someone PLEASE set me straight!): to use
this feature and have the ability to save the question/answer pair in
the user's LDAP entry, the "$who_change_password" option in the
config.inc.php file MUST be manager. Using "user" in this setting
will cause an error to occur, and the question/answer pair will not be
added to the user's entry.
Beware not to mistake attributes for object classes. In SSP, you
configure the objectclass (by default: extensibleObject) and the
attribute (by default: info). You can set whatever you want here to comply
with your schema.
To be able to change the password as user, you need to add an ACL to
allow the user to write to the "info" (or whatever you set) attribute. Otherwise,
you can indeed use the manager account.
--
Clément OUDOT
Free software consultant, infrastructure and security expert
Savoir-faire Linux
87, rue de Turbigo - 75003 PARIS
_______________________________________________
ltb-users mailing list
ltb-users@lists.ltb-project.org
http://lists.ltb-project.org/listinfo/ltb-users
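
The ACL mentioned in the reply above could look like the following. This is an added example, not part of the original thread and not taken from the LTB project. It assumes an OpenLDAP server using cn=config; the database DN, the suffix and the service account DN are hypothetical placeholders.

```ldif
# Added example (not from the thread). Assumptions, adjust to your directory:
#   - OpenLDAP with the cn=config backend
#   - the user database is olcDatabase={1}mdb,cn=config (hypothetical)
#   - Self Service Password binds as cn=ssp,ou=services,dc=example,dc=com
#     (hypothetical) to look up the stored answer
#   - the answer attribute is the default "info", and user entries already
#     carry the object class configured for answers (default: extensibleObject)
#
# The {0} prefix inserts the rule before the existing olcAccess values, so it
# is evaluated first; later rules are renumbered by the server.
#
# Effect:
#   - self write : the authenticated user may store a question/answer pair in
#                  their own entry, which is what "user" mode needs
#   - ssp read   : the service account can read the stored answer
#   - * none     : nobody else can read the attribute holding the answers
dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to attrs=info
  by self write
  by dn.exact="cn=ssp,ou=services,dc=example,dc=com" read
  by * none
```

On a typical installation this is loaded with `ldapmodify -Y EXTERNAL -H ldapi:/// -f acl.ldif` as root on the LDAP server; if you configured a different answer attribute, replace `info` accordingly.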