On Tuesday, 20 December 2011 10:55:12 Selcuk Yazar wrote:
> Hi,
>
> I want LDAP users to change their password.
>
> sample user dn is
> [email protected],ou=SOME_UNIT,jvd=.....mail.......edu.tr,o=hosting
>
> and we have acl rules in slapd.conf
>
> access to dn.regex=".*,ou=.*,jvd=([^,]+),o=hosting,dc=myhosting,dc=example"
>     attrs=userPassword
>     by self write
>     by group/jammPostmaster/roleOccupant.expand="cn=postmaster,jvd=$1,o=hosting,dc=myhosting,dc=example" write
>     by * auth
>     by * none
>
> access to dn.regex=".*jvd=([^,]+),o=hosting,dc=myhosting,dc=example"
>     by self write
>     by group/jammPostmaster/roleOccupant.expand="cn=postmaster,jvd=$1,o=hosting,dc=myhosting,dc=example" write
>     by * read
>
> access to *
>     by * read
>
> I apply various rules from the OpenLDAP documentation, but none of them works.

It is not clear whether your 'sample user dn' matches the regex in your first rule. Why don't you provide a password changing attempt, done with 'ldappasswd', showing the full command line and all output?

> why users can't change their password ?

If you had provided the error code, we could have been relatively sure, but I will guess they don't have sufficient access because your regex isn't matching.

Regards,
Buchan
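
The regex question raised in the reply can be checked offline. The following is an added example, not part of the original thread: it runs the two `dn.regex` patterns from the quoted slapd.conf against candidate DNs and shows what `$1` expands to in the postmaster group DN. The DNs are constructed placeholders, and the unanchored, case-insensitive search is an assumption about how slapd applies `dn.regex` to the normalized DN.

```python
import re

# ACL target patterns copied from the slapd.conf quoted in the thread, in file order.
ACL_RULES = [
    ("userPassword rule",
     r".*,ou=.*,jvd=([^,]+),o=hosting,dc=myhosting,dc=example"),
    ("general jvd rule",
     r".*jvd=([^,]+),o=hosting,dc=myhosting,dc=example"),
]
# Group DN template from the same rules; $1 is the first capture group.
POSTMASTER_TEMPLATE = "cn=postmaster,jvd=$1,o=hosting,dc=myhosting,dc=example"


def first_matching_rule(dn):
    """Return (rule name, expanded postmaster group DN) for the first
    dn.regex pattern that matches dn, or None if neither pattern applies."""
    for name, pattern in ACL_RULES:
        # Assumption: slapd searches unanchored and ignores case.
        match = re.search(pattern, dn, re.IGNORECASE)
        if match:
            return name, POSTMASTER_TEMPLATE.replace("$1", match.group(1))
    return None


# Constructed sample DNs (placeholder mail domain, not values from the thread).
DN_AS_POSTED = ("mail=user@mail.example.edu,ou=SOME_UNIT,"
                "jvd=mail.example.edu,o=hosting")            # stops at o=hosting
DN_WITH_SUFFIX = DN_AS_POSTED + ",dc=myhosting,dc=example"   # full suffix
DN_NO_OU = ("cn=postmaster,jvd=mail.example.edu,"
            "o=hosting,dc=myhosting,dc=example")             # no ou= component

if __name__ == "__main__":
    for dn in (DN_AS_POSTED, DN_WITH_SUFFIX, DN_NO_OU):
        print(dn, "->", first_matching_rule(dn))
```

A DN for which this returns `None` falls through to the final `access to *` rule, whose only clause is `by * read`, so a password change on it is refused for lack of write access.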
