Closed ilanni2460 closed 3 years ago
@coudot need you
It should mean that your non administrator account cannot read the ppolicy entry, so can't check if the password has expired or not. Adapt your ACL.
@coudot If I use this non-administrator account, the pwdChangedTime field of the account can be queried through the ldapsearch command, and this account has permission to access this password policy.
Check that the account can read pwdMaxAge value of the ppolicy entry.
@coudot Yes, what you said is very correct. It is indeed because this account does not have permission to query the pwdMaxAge field. Now it is OK after re-adjusting the ACL policy for this account. Thank you very much, you are so awesome. The ACL:
olcAccess: {6} to dn.subtree="cn=default,ou=policies,dc=ilanni,dc=com" by dn.children="cn=security_account,ou=policies,dc=ilanni,dc=com" read by * none
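The failure mode resolved in this thread, as an added Python illustration (not part of the original discussion and not Service Desk's own code): expiry can only be computed from the user's pwdChangedTime plus the policy's pwdMaxAge, so a bind account whose ACL hides pwdMaxAge sees a policy that looks as if it had no maximum age. The attribute dictionaries, dates and the 90-day value are constructed sample data, and `password_status` is a hypothetical helper.

```python
from datetime import datetime, timedelta, timezone

def parse_generalized_time(value):
    """Parse an LDAP GeneralizedTime in the UTC form YYYYmmddHHMMSSZ."""
    return datetime.strptime(value, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def password_status(user_attrs, policy_attrs, now):
    """Return 'expired', 'valid' or 'no-max-age-visible'.

    Both dicts hold only what the bind DN was allowed to read. An
    attribute hidden by an ACL is simply absent from the search result,
    so the client cannot tell "hidden" apart from "not set".
    """
    changed = user_attrs.get("pwdChangedTime")
    max_age = policy_attrs.get("pwdMaxAge")
    if changed is None or max_age is None:
        return "no-max-age-visible"
    seconds = int(max_age[0])
    if seconds == 0:  # ppolicy: a pwdMaxAge of 0 means passwords do not expire
        return "no-max-age-visible"
    expires = parse_generalized_time(changed[0]) + timedelta(seconds=seconds)
    return "expired" if now >= expires else "valid"

# Constructed sample data (not taken from the thread).
USER = {"pwdChangedTime": ["20230101000000Z"]}
ADMIN_VIEW = {"pwdMaxAge": ["7776000"]}   # 90 days, as the administrator reads it
RESTRICTED_VIEW = {}                      # same policy entry, pwdMaxAge hidden by ACL
NOW = datetime(2023, 6, 1, tzinfo=timezone.utc)
EARLIER = datetime(2023, 2, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    for label, view in (("administrator", ADMIN_VIEW), ("restricted", RESTRICTED_VIEW)):
        print(f"{label:>13}: {password_status(USER, view, NOW)}")
```

A bind account that reports `no-max-age-visible` for a policy known to set pwdMaxAge is the signal to review the ACL on the policy entry, as was done above.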
Recently, a problem was discovered in the process of using the service desk. The service desk does not show that the password has expired when using a non-administrator LDAP user.
If you use the LDAP administrator user to query the account, it can show that the account password has expired on the web page:
If you use a non-administrator LDAP user, the account can be queried, but it cannot show that the account password has expired on the web page:
The content of the service desk configuration file is as follows: