This bug is created as a clone of upstream ticket:
. Using default password policy: stored in SSHA
. Give ACI to update all attributes including userpassword.
aci: (targetattr ="*")(version 3.0;acl "allow all";allow (all) userdn="ldap:///anyone";)
.Let uid=tuser0 replace other user uid=tuser1's userpassword as follows:
$ldapmodify ... -D "uid=tuser0,dc=example,dc=com" -w password << EOF
Then, the tuser1's password is stored as a clear text.
$ldapsearch ... userpassword
Expected result: Ordinary user should not be allowed to override the password policy.
Thanks Nathan, I am marking bug as VERIFIED.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.