RainLoop / rainloop-webmail

Simple, modern & fast web-based email client
http://rainloop.net
MIT License

Does the ldap-change-password plugin support multiple OUs? #1678

Open theodotos opened 6 years ago

theodotos commented 6 years ago

Is there a way to have the 'ldap-change-password' plugin work for multiple OUs?

Currently I have this in the 'User DN format' field:

uid={email:user},ou=people,dc=example,dc=com

We have created a new OU and would like to have the users in this OU be able to change their passwords too:

uid={email:user},ou=people,ou=associates,dc=example,dc=com

Is that possible?

GoetheG commented 6 years ago

Didn't even know that LDAP can be used.

anunnaki-igigi commented 5 years ago

@theodotos Currently running rainloop too, but I cannot get the ldap-change-passwd running. Did you get it fully functioning? Regards!

theodotos commented 5 years ago

@jeremydeboora Only for a single OU. Whatever I tried I couldn't get users from the associates OU to use it.

anunnaki-igigi commented 5 years ago

@theodotos That will be my next step too, but I'm still struggling with the single OU first. I got every user in: companyID=12345,ou=People,dc=example,dc=com. Whatever I tried in the User DN format field, always an ldap_bind error in the logs. Any idea?

mungsesagar commented 4 years ago

> @theodotos That will be my next step too, but I'm still struggling with the single OU first. I got every user in: companyID=12345,ou=People,dc=example,dc=com. Whatever I tried in the User DN format field, always an ldap_bind error in the logs. Any idea?

Please check the LDAP ACL. Please allow the attribute userPassword to be only authenticated by anonymous. Always disable anonymous bind in the LDAP configuration.

access to attrs=userPassword by anonymous auth

and

disallow bind_anon

Add the above two lines to your slapd.conf and restart the service.

Please revert if problem resolved or post error.

Thank you.

theodotos commented 4 years ago

@anunnaki-igigi try to run the same query with ldapsearch. If that does not work you need to look into your ldap setup.
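
An added example, not part of the thread or of the plugin's code: it expands the two "User DN format" strings quoted above for one mailbox and builds an `ldapwhoami` simple-bind test for each resulting DN, so an `ldap_bind` failure can be reproduced outside RainLoop. The server URI, the sample address and the RFC 4514 escaping of the local part are assumptions of this example, not documented plugin behaviour.

```python
import shlex

# DN formats quoted in the thread (the plugin's "User DN format" field).
DN_FORMATS = [
    "uid={email:user},ou=people,dc=example,dc=com",
    "uid={email:user},ou=people,ou=associates,dc=example,dc=com",
]

# Assumption: placeholder server URI, not taken from the thread.
LDAP_URI = "ldaps://ldap.example.com"


def escape_rdn_value(value):
    """Escape a string for use as an RDN attribute value (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        if ch in '"+,;<>\\':
            out.append("\\" + ch)          # DN special characters
        elif ch == "\0":
            out.append("\\00")             # NUL must be hex-escaped
        elif ch == "#" and i == 0:
            out.append("\\#")              # leading '#'
        elif ch == " " and i in (0, len(value) - 1):
            out.append("\\ ")              # leading or trailing space
        else:
            out.append(ch)
    return "".join(out)


def expand_dn(dn_format, email):
    """Substitute {email:user} with the escaped local part of the address."""
    local_part = email.rsplit("@", 1)[0]
    return dn_format.replace("{email:user}", escape_rdn_value(local_part))


def bind_test_commands(email, formats=DN_FORMATS, uri=LDAP_URI):
    """Return one ldapwhoami command per candidate bind DN.

    -x: simple bind, -H: server URI, -D: bind DN, -W: prompt for the password.
    """
    return [
        "ldapwhoami -x -H %s -D %s -W"
        % (shlex.quote(uri), shlex.quote(expand_dn(fmt, email)))
        for fmt in formats
    ]


if __name__ == "__main__":
    for cmd in bind_test_commands("alice@example.com"):  # constructed address
        print(cmd)
```

A format whose RDN is not derived from the mail address, such as the `companyID=12345` entries mentioned earlier in the thread, cannot be produced by this substitution at all.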

oliverbs2381 commented 1 year ago

Could this module work with Windows Active Directory? I tried to test it and it gives me the following error:

LDAP[WARNING]: ldap_bind error: Invalid credentials (49)
INFO[NOTICE]: Error: Can't change password for user@domain.com account.