On Friday, 23 July 2010 21:49:36 Steven Truong wrote: > Dear, all. I have been searching low and high for a tool that can let > users to change their passwords in 389 DS or OpenLDAP? I think there > is a real need for such a tool and I hope that people already wrote > such a tool... > > Please share your ways of how you allow your users to change their > passwords or other setup/architecture that allow this function. > > Beside that, I also recommend Apache Studio as a great tool to work > with LDAP servers..... > Thank you in advance.
For users who don't authenticate via PAM or similar, I wrote a simple perl CGI (which supports ppolicy): http://staff.telkomsa.net/~bgmilne/ldap/ldap-passwd.pl I use it in conjunction with a script to notify users of their impending password expiry: http://staff.telkomsa.net/~bgmilne/ldap/find-ldap-expired.pl They share config files, but you can use the first without the 2nd. I have only used it against OpenLDAP so far, but I might need to add support for AD soon ... Regards, Buchan
