Commit 22f14d88 authored by Pierangelo Masarati, committed by Quanah Gibson-Mount

add notes about pwdAllowUserChange (more about ITS#7021)

parent b6ec428a
......@@ -414,6 +414,23 @@ is set to "TRUE", or if the attribute is not present, users will be
allowed to change their own passwords. If its value is "FALSE",
users will not be allowed to change their own passwords.
.LP
Note: this implies that when
.B pwdAllowUserChange
is set to "TRUE",
users will still be able to change the password of another user,
subjected to access control.
This restriction only applies to modifications of ones's own password.
It should also be noted that
.B pwdAllowUserChange
was defined in the specification to provide rough access control
to the password attribute in implementations that do not allow fine-grain
access control.
Since OpenLDAP provides fine-grain access control, the use of this attribute
is discouraged; ACLs should be used instead
(see
.BR slapd.access (5)
for details).
.LP
.RS 4
( 1.3.6.1.4.1.42.2.27.8.1.14
NAME 'pwdAllowUserChange'
......
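Review bot: The first sentence of the added note says users can still change another user's password when pwdAllowUserChange is "TRUE", but the next sentence calls this a "restriction" on one's own password, and per the context lines above that restriction only exists when the value is "FALSE". Either change "TRUE" to "FALSE" here, or reword to say the attribute never affects changes to other users' passwords, which remain governed by access control whatever its value. Wording nits in the same paragraph: "ones's" should be "one's", "subjected to access control" reads better as "subject to access control", and "fine-grain" as "fine-grained". Since the note discourages the attribute in favor of ACLs, a one-line pointer to the kind of access rule that replaces it would make the slapd.access(5) reference more actionable.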