Allow standard user to query pwdChangedTime

This topic contains 2 replies, has 2 voices, and was last updated by  chris-fry 8 months, 4 weeks ago.

  • Author
    Posts
  • #23974
     chris-fry 
    Participant

    Hi all,

    I have an application with a standard user account in OpenDJ (not Directory Manager) that needs to read the pwdChangedTime attribute from any user.

    What’s the best way to allow this?

    Thanks,

    Chris

    #23975
     Ludo 
    Moderator

    You just need to add an ACI that allows the user to read the attribute within the subtree.
    I would recommend adding the ACI in the top entry of your data (dc=example,dc=com for example).

    #23979
     chris-fry 
    Participant

    Thanks, Ludo – sounds good.

    Chris

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.

©2019 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?