Allow standard user to query pwdChangedTime

This topic has 2 replies, 2 voices, and was last updated 3 years, 8 months ago by chris-fry.

  • Author
  • #23974

    Hi all,

    I have an application with a standard user account in OpenDJ (not Directory Manager) that needs to read the pwdChangedTime attribute from any user.

    What’s the best way to allow this?




    You just need to add an ACI that allows the user to read the attribute within the subtree.
    I would recommend adding the ACI in the top entry of your data (dc=example,dc=com for example).


    Thanks, Ludo – sounds good.


Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?