How to disable password change for openldap user?

Posted by Keve on Server Fault See other posts from Server Fault or by Keve
Published on 2014-05-31T12:36:57Z Indexed on 2014/05/31 15:32 UTC
Read the original article Hit count: 170

Filed under:
|

Considering possible solutions for some improvements I run into this theoretical question and I couldn't find a satisfying answer. Some of you may have first-hand experience with this in practice, so here the question goes:

How can I disable password changing for an OpenLDAP user?

The account must stay enabled, allowed to log on to workstations and work as usual, but should not be able to change its own password. Can this be done? If so, how difficult is it to implement it?

All suggestions are appreciated!

For reference: Servers and workstations are to run a mixture of FreeBSD and OpenBSD. Accounts to get password disabled are student or generic workstation accounts. Environment is a school.

© Server Fault or respective owner

Related posts about ldap

Related posts about openldap