> Ok - I'll create an LDAP user specifically for changing passwords, and > set that as my "ldap admin dn" in the smb.conf, so the change won't be > done by the rootdn, as recommended by Adam and yourself. I'll then > create an entry in the slapd.conf like the one below and give that a shot.
Excellent, I'm very interested to see what happens at that point. > >> # ACL's > >> access to > >> attrs=userPassword,sambaNTPassword,sambaLMPassword,shadowLastChange,shadowMax,sambaPwdLastSet,sambaPwdMustChange > >> by self write > >> by * auth > access to > attrs=userPassword,sambaNTPassword,sambaLMPassword,shadowLastChange,shadowMax,sambaPwdLastSet,sambaPwdMustChange,pwdChangedTime,pwdHistory > by dn="cn=pwchanger,dc=example,dc=com" write > >> access to * > >> by * read -- Adam Tauno Williams, Network & Systems Administrator Consultant - http://www.whitemiceconsulting.com Developer - http://www.opengroupware.org
