
Is it possible to change password for logged in LDAP user using passwd command?

I have logged in to server1 using testuser. I tried to change the password for that same user (testuser) and got the error below.

[testuser@server1 ~]$ passwd  
Changing password for user testuser.  
(current) LDAP Password:  
New password:  
Retype new password:  
password change failed: Insufficient access  
passwd: Authentication token manipulation error 

  • Check out this answer. You need to set an ACL to allow the user to change his or her own password. Commented Aug 15, 2016 at 19:48
  • Put something like this in your cn=config: olcAccess: {0}to attrs=userPassword by self write by anonymous auth by * none Commented Aug 15, 2016 at 19:57
  • Did you try to use $ ldappasswd command? Commented Dec 20, 2016 at 18:57

1 Answer

See "OPERATION REQUIREMENTS" in slapd.access(5).

Unfortunately setting up ACLs in OpenLDAP is non-trivial, and you can easily lock everybody out, except the admin.

But your ACLs for the database should contain something like (using the cn=config format):

...
olcAccess: {5}to attrs=userPassword by self write by * auth
olcAccess: {6}to attrs=shadowLastChange by self write by * none
olcAccess: {7}to * by * read
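
Added example, not part of the original answer and not OpenLDAP code: a small Python check that applies slapd's first-match evaluation to a list of olcAccess values and reports which rule decides a user's access to their own userPassword. The function names and the SHADOWED_ACL input are constructed for illustration, and the parser assumes plain "by <who> <level>" clauses without DN or filter scoping.

```python
import re
import shlex

# Access levels in increasing order, as listed in slapd.access(5).
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

def parse_rule(value):
    """Split one olcAccess value into (index, attrs or None for '*', by-clauses)."""
    m = re.match(r"\{(\d+)\}\s*to\s+(.*)$", value.strip())
    if not m:
        raise ValueError("not an ordered olcAccess value: %r" % value)
    what, *by_parts = re.split(r"\s+by\s+", m.group(2))
    attrs = None
    for tok in shlex.split(what):
        if tok.startswith(("dn", "filter=")):
            raise NotImplementedError("DN/filter scoping is not handled in this example")
        if tok.startswith("attrs="):
            attrs = {a.lower() for a in tok[len("attrs="):].split(",")}
    clauses = []
    for part in by_parts:
        toks = shlex.split(part)
        # Assumes "by <who> <level>"; privilege forms such as "=w" are not handled.
        clauses.append((toks[0], next((t for t in toks[1:] if t in LEVELS), "none")))
    return int(m.group(1)), attrs, clauses

def self_access(olc_access, attr):
    """Return (level, rule index) for a bound user acting on their own entry."""
    for index, attrs, clauses in sorted(map(parse_rule, olc_access), key=lambda r: r[0]):
        if attrs is not None and attr.lower() not in attrs:
            continue  # this <what> does not cover the attribute, try the next rule
        for who, level in clauses:  # within the selected rule, first matching <who> wins
            if who in ("self", "users", "*"):
                return level, index
        return "none", index  # implicit trailing "by * none"
    return "none", None  # implicit final "access to * by * none"

def can_change_own_password(olc_access):
    level, _ = self_access(olc_access, "userPassword")
    return LEVELS.index(level) >= LEVELS.index("write")

# Constructed inputs: the answer's rules, then the same rules behind a broad catch-all.
ANSWER_ACL = [
    "{5}to attrs=userPassword by self write by * auth",
    "{6}to attrs=shadowLastChange by self write by * none",
    "{7}to * by * read",
]
SHADOWED_ACL = ["{0}to * by * read"] + ANSWER_ACL

if __name__ == "__main__":
    for name, acl in (("answer", ANSWER_ACL), ("shadowed", SHADOWED_ACL)):
        print(name, self_access(acl, "userPassword"), can_change_own_password(acl))
```

With the catch-all rule at index 0, the userPassword rule is never reached and the user ends up with read only, which is below the write level a password change needs.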
