Ok, from what I found on yet another website, my ACL is now:

access to attrs=userPassword
          by self write
          by * auth

access to *
    by * read

This works, and lets users change their passwords... EXCEPT that on the ldap server itself, where it still wants the old password. I've tried this, and a coworker's tried, and we both, as users, have the same thing happening. This was why I added that shadowLastChange, which didn't seem to help.

Any suggestions?

    mark, *extremely frustrated"

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@(protected)
https://www.redhat.com/mailman/listinfo/redhat-list