passwordchanger

just saying

for the user-who-can-change-passwords-so-as-to-disable-them…

the file

[email protected]:/etc/ldap/slapd.d/cn=config# pwd
/etc/ldap/slapd.d/cn=config
[email protected]:/etc/ldap/slapd.d/cn=config# cat olcDatabase\={1}hdb.ldif

the bits that matter i think

olcAccess: {0}to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=some
 ,dc=where,dc=out,dc=there,dc=wooo" write by self write by anonymous auth by * no
 ne
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=admin,dc=some,dc=where,dc=out,dc=there,dc=wooo" wr
 ite by * read
olcAccess: {3}to attrs=userPassword,shadowLastChange by self read

but i’m not sure about the syntax. i think this might let “tester” do it?

olcAccess: {0}to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=some
 ,dc=where,dc=out,dc=there,dc=wooo" write by dn="cn=tester,ou=people,dc=some
 ,dc=where,dc=out,dc=there,dc=wooo" write by self write by anonymous auth by * no
 ne
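
One way to check the proposed rule before loading it, as an added example that is not part of the original post and not slapd's own code: a simplified Python model of olcAccess evaluation (the first matching "to" clause applies, and inside it the first matching "by" clause decides). It handles only the clause forms that appear above; the entry `uid=alice,ou=people,...` is a constructed sample.

```python
import re

BASE = "dc=some,dc=where,dc=out,dc=there,dc=wooo"
ADMIN, TESTER = "cn=admin," + BASE, "cn=tester,ou=people," + BASE
ALICE = "uid=alice,ou=people," + BASE            # constructed sample entry
PW = "to attrs=userPassword,shadowLastChange "
# Rules {1}-{3} as listed on the page, unfolded.
REST = ['to dn.base="" by * read',
        'to * by dn="%s" write by * read' % ADMIN,
        PW + "by self read"]
CURRENT = [PW + 'by dn="%s" write by self write by anonymous auth by * none' % ADMIN] + REST
PROPOSED = [PW + 'by dn="%s" write by dn="%s" write by self write '
            'by anonymous auth by * none' % (ADMIN, TESTER)] + REST
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

def parse(rule):
    """Split 'to <what> by <who> <level> ...' into (what, [(who, level), ...])."""
    what, *clauses = re.split(r"\s+by\s+", rule[len("to "):])
    return what, [tuple(c.rsplit(None, 1)) for c in clauses]

def what_matches(what, entry_dn, attr):
    if what.startswith("attrs="):
        return attr.lower() in what[6:].lower().split(",")
    if what.startswith("dn.base="):
        return entry_dn.lower() == what[8:].strip('"').lower()
    return what == "*"

def who_matches(who, bind_dn, entry_dn):
    if who.startswith("dn="):
        return bind_dn.lower() == who[3:].strip('"').lower()
    return {"*": True, "anonymous": bind_dn == "",
            "self": bind_dn != "" and bind_dn.lower() == entry_dn.lower()}.get(who, False)

def granted(rules, bind_dn, entry_dn, attr):
    """Access level for bind_dn on entry_dn/attr; bind_dn "" means anonymous."""
    for what, clauses in map(parse, rules):
        if what_matches(what, entry_dn, attr):
            for who, level in clauses:
                if who_matches(who, bind_dn, entry_dn):
                    return level
            return "none"   # implicit trailing "by * none"
    return "none"           # implicit final "to * by * none"

def can(rules, bind_dn, entry_dn, attr, need):
    """True if the granted level is at least the needed one."""
    return LEVELS.index(granted(rules, bind_dn, entry_dn, attr)) >= LEVELS.index(need)
```

In this model rule {3} is never consulted for userPassword, because {0} already matches that attribute. On the server itself, slapacl answers the same question against the real configuration.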