Thanks for your help, I got it working. Actually I was using the guide I've
mentioned below yesterday already.
I've then added the new group:
dn: cn=sys_allow_password_change,ou=Groups,dc=ldap,dc=example,dc=com
changetype: add
cn: sys_allow_password_change
ou: Groups
objectClass: top
objectClass: groupOfNames
description: tagGroup
member: uid=svc_pw_change,ou=Service accounts,dc=ldap,dc=example,dc=com
and altered my first file as you suggested:
dn: olcDatabase={1}mdb,cn=config
changetype: modify
delete: olcAccess
olcAccess: {0}
-
add: olcAccess
olcAccess: {0}to attrs=userPassword
  by self write
  by group.exact="cn=sys_allow_password_change,ou=Groups,dc=ldap,dc=example,dc=com" write
  by dn="cn=admin,dc=ldap,dc=example,dc=com" manage
  by anonymous auth
  by * none
Now the user is able to change everyone's password. Thanks for your help!
> Quanah Gibson-Mount <[email protected]> wrote on 17.01.2022 22:37:
>
>
> --On Monday, January 17, 2022 10:30 PM +0100 [email protected] wrote:
>
> > But this should be resolved, as soon as I've switched everything to LDAP
> > groups. Could you please confirm that this guide is correct for enabling
> > the groupOfNames?
> > https://kifarunix.com/how-to-create-openldap-member-groups/ Thank you
> > very much!
>
> That guide is incorrect. You haven't stated what release of OpenLDAP
> you're using, but I'd recommend OpenLDAP 2.5 or later. I would also try
> and not rely on random external documentation on how to use OpenLDAP as
> most of it is wrong to varying degrees.
>
> Start with the OpenLDAP official documentation: https://www.openldap.org/
>
> Regards,
> Quanah
>
> --
>
> Quanah Gibson-Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
> <http://www.symas.com>
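
An added example, not part of the original messages: a small Python audit that unfolds the LDIF from the message above and lists every subject the olcAccess rule grants write or higher on userPassword. The function names (unfold, parse_olcaccess, password_writers) are hypothetical, and the embedded LDIF is a constructed copy of the rule as posted.

```python
import re

# Constructed sample: the olcAccess change from the message, folded per RFC 2849
# (a continuation line starts with a space).
LDIF = """\
dn: olcDatabase={1}mdb,cn=config
changetype: modify
delete: olcAccess
olcAccess: {0}
-
add: olcAccess
olcAccess: {0}to attrs=userPassword
  by self write
  by group.exact="cn=sys_allow_password_change,ou=Groups,dc=ldap,dc=example,dc=com" write
  by dn="cn=admin,dc=ldap,dc=example,dc=com" manage
  by anonymous auth
  by * none
"""

# slapd access levels, lowest to highest
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]
BY = re.compile(r'\bby\s+((?:"[^"]*"|[^\s"])+)\s+(\w+)')

def unfold(ldif):
    """Join folded LDIF lines: a newline plus one space continues the line."""
    return re.sub(r"\r?\n ", "", ldif)

def parse_olcaccess(ldif):
    """Return [(what, [(who, level), ...])] for every complete olcAccess rule."""
    rules = []
    for line in unfold(ldif).splitlines():
        if not line.startswith("olcAccess:"):
            continue
        value = line.split(":", 1)[1].strip()
        what = re.match(r"(?:\{\d+\})?to\s+(.+?)\s+by\s", value)
        if what:  # skips index-only values such as the "{0}" in the delete
            rules.append((what.group(1), BY.findall(value)))
    return rules

def password_writers(ldif):
    """List every <who> granted write or higher on userPassword."""
    floor = LEVELS.index("write")
    return [(who, level)
            for what, clauses in parse_olcaccess(ldif) if "userPassword" in what
            for who, level in clauses
            if level in LEVELS and LEVELS.index(level) >= floor]

if __name__ == "__main__":
    for who, level in password_writers(LDIF):
        print(f"{level:7} {who}")
```

If the `by` lines lose their leading space, the rule is no longer a single folded value and password_writers returns an empty list, which is a quick way to spot an LDIF file that was mangled in transit.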