On 20/07/2013, at 9:58 AM, Augustin Wolf <augustynwilk@xxxxxxxxx> wrote: > Hi list, > I have a user management in LDAP, as it works fine for user (can > login, do `passwd` to change his password, etc.) > But, root cannot change users password otherwise as via ldapmodify. Is > it normal behavior, or do I have some configuration errors? > For now, LDAP ACL was "turned off" - every user has manage permission, > I will change this as soon as root can change user password. > SELlinux was also turned off to eliminate it's potential interference. > Iptables was "turned off", as well. > > Configs, logs, etc are in here: http://fpaste.org/26708/ > Thanks in advance, > Augustyn > -- > users mailing list > users@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe or change subscription options: > https://admin.fedoraproject.org/mailman/listinfo/users > Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines > Have a question? Ask away: http://ask.fedoraproject.org Each user will have permission on their own ldap object they bind to, to change their passwords. Root may not be able to bind to ldap, or roots object doesn't have the acl to modify the password attr on the user's object. What ldap server are you using? You may consider contacting thier mailing lists for help. They will know more abput their specific acl behaviours and besr practice for this style of password management. Sincerely, William -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
