Le 02/06/15 08:49, Kiran Ayyagari a écrit : > On Tue, Jun 2, 2015 at 10:17 AM, Mark-nospam <[email protected]> > wrote: > >> The last version I was using M17, I believe my scripts were able to bind >> with a private apps admin user and then create new users with passwords. >> I updated to M20, this operation now fails with : "Non-admin user cannot >> access another user's password to modify it" >> I thought there was recent discussion on this but I failed to find it in >> the mail >> archives and I don't see anything in changes between M17-M20 related to >> this. >> >> Regardless, I would like to resolve in correct manner going forward. >> >> Is it possible to create user A in partition A that can acquire Admin role >> for changing passwords >> for other users in partition A or partition B etc. >> >> Can this group be used to associate other users as admins? DN: >> cn=Administrators,ou=groups,ou=system >> >> Or, is DN: uid=admin,ou=system the only user going forward which can make >> passwords changes >> when the requesting user doesn't match user-password. >> > currently this is the only way, (we have been discussing on how to grant > other users admin privilege, but > this is not there in the server yet)
You can also define an ACL to allow a set of users to modify the userPassword attributes. This is a bit convoluted, but this is the way to go. We can try to give you some example of configuration later (a bit busy atm).
