Privileges - restrict "changepassword"
[181 byte] By [rdevries] at [2007-11-26 10:36:50] 
Hi there,Does anyone know whether its possible to give an account privileges to add/modify/delete ldap entries, but restrict the ability to change passwords? R.
# 1
Sure it is possible.
Depending on what access controls are set in your server you can:
- make sure that no aci grant write access to the password (userPassword attribute).
- create aci that deny write access to the password (although I would recommend the first solution. Deny aci are difficult to manage and explain as they are creating exceptions to the access granted. Also when removing a deny ACI, rights are not removed, the opposite rights are in fact granted, reducing the overall security.
Regardsm
Ludovic.
ludovicp at 2007-7-7 2:47:46 >
# 2
Hi Ludovicp; thank you for your reply. I am going to play with this today and try to get more familiar with acis.rdevries at 2007-7-7 2:47:46 >
Web & Directory Servers New Topic
Web & Directory Servers Hot Topic
- alias of entry in sun one directory server 5.2
- Linking IM Users with LDAP accounts using reconciliation Not working..Pls
- Unable to aprouve definitively certificate by sun one console
- Web Server 7 Admin Server and Self-Signed certificate
- AM 7.1 Start Stop
- [URGENT] Newby - Sun Java System Identity Manager
- Symbolic links in webapp
- Need asssitance on openSSO/Access Manager-policy agent on tomcat 5.5
Web & Directory Servers
All Classified
- Archived Forums
- Enterprise & Remote Computing
- Java Essentials
- Desktop
- Core
- Solaris Operating System
- Security
- Database Connectivity
- Java Mobility Forums
- Web & Directory Servers
- Development Tools
- Application & Integration Servers
- Java HotSpot Virtual Machine
- Other Topics
- E-Mail, Calendar, & Collaboration
- Developer Tools
- General
- Administration Tools
- Sun Hardware
- Storage Forums
- Java Enterprise System
- StarOffice
- Open Source Technologies
- BigAdmin
- Real-Time
- Java Coding