Ubuntu – How to allow LDAP user to change password


I want to allow LDAP users to change their password, but how?
passwd? Or ldappasswd? It won't work for me this time.
What configuration is needed so that users can successfully change their passwords?

Any help will do. Thanks.

Best Answer

In slapd.conf, write an access control rule:

access to attrs=userPassword
    by self =xw

But you should be aware that specific rules are to be written first and the general rule at the end.
For example, the following rule has to be written at the end:

access to * by * read 

For more information, visit: http://www.openldap.org/doc/admin24/access-control.html

slapd.conf is generally located in

/etc/openldap or
/etc/ldap/ or
/usr/local/etc/openldap/

There are some changes in newer versions of LDAP where slapd.conf is supported, but by default the data is stored in the slapd.d directory. If you put your custom slapd.conf there, the process will read slapd.conf instead of the slapd.d directory.

Things to notice

  1. Sometimes slapd.conf is present in both the local and the global path; try changing both.
  2. Delete the slapd.d directory, as it is the default, to make slapd.conf work.
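
An added example, not part of the answer above and not OpenLDAP's own code: a small Python check of the ordering advice, which parses slapd.conf text and reports when a catch-all `access to *` precedes the `userPassword` rule or when `by self` lacks write. The sample fragments and function names are constructed for illustration; only `*` and `attrs=` targets are handled, and dn/filter scoping and per-database sections are ignored.

```python
import re

# Constructed slapd.conf fragments (sample input, not taken from the page).
PW_RULE = """\
access to attrs=userPassword
    by self =xw
    by anonymous auth
    by * none
"""
CATCH_ALL = "access to * by * read\n"
SHADOWED = CATCH_ALL + PW_RULE  # general rule first: it matches userPassword too
ORDERED = PW_RULE + CATCH_ALL   # specific rule first, general rule last

def access_rules(conf_text):
    """Return (what, by_clauses) for each 'access to' directive, in file order."""
    logical = []
    for raw in conf_text.splitlines():
        if not raw.strip():
            continue
        if raw[0].isspace() and logical:  # leading whitespace continues the previous line
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    pattern = re.compile(r"access\s+to\s+(\S+)\s*(.*)", re.I)
    return [m.groups() for m in map(pattern.match, logical) if m]

def self_can_write(by_clauses):
    """True if 'by self' grants write, by level name or privilege set such as =xw."""
    m = re.search(r"\bby\s+self\s+(\S+)", by_clauses, re.I)
    level = m.group(1).lower() if m else ""
    return level in ("write", "manage") or (level.startswith("=") and "w" in level)

def check_password_acl(conf_text):
    """List ordering and privilege problems that affect attrs=userPassword."""
    findings, catch_all_seen, found = [], False, False
    for what, clauses in access_rules(conf_text):
        attrs = what[6:].lower().split(",") if what.lower().startswith("attrs=") else []
        if what == "*":
            catch_all_seen = True
        elif "userpassword" in attrs:
            found = True
            if catch_all_seen:
                findings.append("shadowed by earlier 'access to *'")
            if not self_can_write(clauses):
                findings.append("no 'by self' write privilege")
    if not found:
        findings.append("no rule for attrs=userPassword")
    return findings
```

A `by self =xw` line written without leading whitespace is reported as lacking a `by self` privilege, because slapd only treats a line as a continuation when it begins with whitespace. The constructed rule also carries `by anonymous auth`, which lets slapd check a bind against userPassword.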