Re: Admin authorization for modifying passwords, did it change ? how to apply admin role to a user ?
Le 02/06/15 08:49, Kiran Ayyagari a écrit : > On Tue, Jun 2, 2015 at 10:17 AM, Mark-nospam > wrote: > >> The last version I was using M17, I believe my scripts were able to bind >> with a private apps admin user and then create new users with passwords. >> I updated to M20, this operation now fails with : "Non-admin user cannot >> access another user's password to modify it" >> I thought there was recent discussion on this but I failed to find it in >> the mail >> archives and I don't see anything in changes between M17-M20 related to >> this. >> >> Regardless, I would like to resolve in correct manner going forward. >> >> Is it possible to create user A in partition A that can acquire Admin role >> for changing passwords >> for other users in partition A or partition B etc. >> >> Can this group be used to associate other users as admins? DN: >> cn=Administrators,ou=groups,ou=system >> >> Or, is DN: uid=admin,ou=system the only user going forward which can make >> passwords changes >> when the requesting user doesn't match user-password. >> > currently this is the only way, (we have been discussing on how to grant > other users admin privilege, but > this is not there in the server yet) You can also define an ACL to allow a set of users to modify the userPassword attributes. This is a bit convoluted, but this is the way to go. We can try to give you some example of configuration later (a bit busy atm).
Re: Admin authorization for modifying passwords, did it change ? how to apply admin role to a user ?
On Tue, Jun 2, 2015 at 10:17 AM, Mark-nospam wrote: > The last version I was using M17, I believe my scripts were able to bind > with a private apps admin user and then create new users with passwords. > I updated to M20, this operation now fails with : "Non-admin user cannot > access another user's password to modify it" > I thought there was recent discussion on this but I failed to find it in > the mail > archives and I don't see anything in changes between M17-M20 related to > this. > > Regardless, I would like to resolve in correct manner going forward. > > Is it possible to create user A in partition A that can acquire Admin role > for changing passwords > for other users in partition A or partition B etc. > > Can this group be used to associate other users as admins? DN: > cn=Administrators,ou=groups,ou=system > > Or, is DN: uid=admin,ou=system the only user going forward which can make > passwords changes > when the requesting user doesn't match user-password. > currently this is the only way, (we have been discussing on how to grant other users admin privilege, but this is not there in the server yet) > > Thanks, Mark. > > > > > > > > > > > > -- Kiran Ayyagari http://keydap.com
Admin authorization for modifying passwords, did it change ? how to apply admin role to a user ?
The last version I was using M17, I believe my scripts were able to bind with a private apps admin user and then create new users with passwords. I updated to M20, this operation now fails with : "Non-admin user cannot access another user's password to modify it" I thought there was recent discussion on this but I failed to find it in the mail archives and I don't see anything in changes between M17-M20 related to this. Regardless, I would like to resolve in correct manner going forward. Is it possible to create user A in partition A that can acquire Admin role for changing passwords for other users in partition A or partition B etc. Can this group be used to associate other users as admins? DN: cn=Administrators,ou=groups,ou=system Or, is DN: uid=admin,ou=system the only user going forward which can make passwords changes when the requesting user doesn't match user-password. Thanks, Mark.