Bind user with rights to change password.
Jan Kowalsky
jankow at datenkollektiv.net
Fri Jan 9 22:34:19 CET 2015
On 29.12.2014 at 04:20, bshaw at vsvinc.com wrote:
> Nikolai,
> The trick is to create an ACI rule that gives the desired permission to your bind user. I'm not near my LDAP server at the moment to work out an example but if you need one, let me know and when I'm next on that system, I'll work it out.
>
> Brian
>
> Sent from Nine
>
> From: Nikolai Maziashvili <mlist_kolab at cyclinggeorgian.com>
> Sent: Dec 28, 2014 7:18 PM
> To: Users
> Subject: Bind user with rights to change password.
>
maybe something like this (unproved):

# add special bind user for owncloud
dn: uid=owncloud-bind,ou=Special Users,dc=example,dc=com
changetype: add
sn: bind
uid: owncloud-bind
objectClass: top
objectClass: person
objectClass: inetorgperson
objectClass: organizationalperson
givenName: owncloud
cn: owncloud bind
userPassword: secret

# allow user to change password in the specific domain
dn: dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr = "*") (version 3.0; acl "Owncloud Bind User"; allow (read,compare,search) (userdn = "ldap:///uid=owncloud-bind,ou=Special Users,dc=example,dc=com");)
aci: (targetattr = "userPassword") (version 3.0;acl "Owncloud Bind User";allow(read,search,compare,add,write,selfwrite,delete)(userdn = "ldap:///uid=owncloud-bind,ou=Special Users,dc=example,dc=com");)

If you have multiple domains, you have to do the last step for every
domain where this bind user should have the ability to change the password.
Regards
Jan
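
Added example, not part of the original message: shell functions that repeat the "last step" from the message for several domains by generating one modify record per domain with the userPassword ACI, ready to pipe into ldapmodify. The domain names, LDAP_HOST and ADMIN_DN are assumptions; the bind DN and ACI text are taken from the message.

```shell
#!/bin/sh
# Added example, not from the original post. BIND_DN is the bind user from
# the post; the domains passed in are constructed sample values.
BIND_DN='uid=owncloud-bind,ou=Special Users,dc=example,dc=com'

# Convert a DNS domain (example.org) to its base DN (dc=example,dc=org).
# Rejects anything that is not a plain hostname, so no DN or LDIF
# metacharacters (comma, equals, colon, space) can reach the output.
domain_to_dn() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*|.*|*.|*..*) return 1 ;;
    esac
    printf 'dc=%s\n' "$1" | sed 's/\./,dc=/g'
}

# Emit one LDIF modify record per domain, each adding the userPassword ACI
# from the post. Every aci value stays on a single line, and records are
# separated by the blank line LDIF requires.
password_aci_ldif() {
    for domain in "$@"; do
        base_dn=$(domain_to_dn "$domain") || {
            echo "skipping invalid domain: $domain" >&2
            continue
        }
        printf 'dn: %s\n' "$base_dn"
        printf 'changetype: modify\n'
        printf 'add: aci\n'
        printf 'aci: (targetattr = "userPassword") (version 3.0;acl "Owncloud Bind User";allow(read,search,compare,add,write,selfwrite,delete)(userdn = "ldap:///%s");)\n' "$BIND_DN"
        printf '\n'
    done
}

# Usage (LDAP_HOST and ADMIN_DN are placeholders for your own server):
#   password_aci_ldif example.org example.net |
#       ldapmodify -x -H ldap://LDAP_HOST -D "ADMIN_DN" -W
```

Review the generated LDIF before applying it, since each record gives the bind user write access to every userPassword value under that domain's base DN.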