[CentOS] Centos DS and user password change

Mon Dec 6 10:44:59 UTC 2010
Stanislav Vlasov <vlasov.s.v at neyvabank.ru>

[stas at ds ~]$ cat /etc/redhat-release 
CentOS release 5.5 (Final)

[stas at ds ~]$ rpm -qa | grep centos-ds
centos-ds-admin-8.1.0-9.el5.centos.1
centos-ds-8.1.0-1.el5.centos.2
centos-ds-base-8.1.0-0.14.el5.centos.2
centos-ds-console-8.1.0-5.el5.centos.2

ds installed for:
1) linux workstations authentication
2) mail (accounts & aliases)
3) samba
4) squid acls

Exists several r/o replicas. All services and workstations work with replica, not with main server.

Now i need some interface for change user's own password by user.

Password change must be on main server.
I try login by user to main server, and i can't change own password.
Added that ACL (via centos-idm-console):

(targetattr = "userPassword") 
(version 3.0;
acl "ChangePass";
allow (write)
(userdn = "ldap:///self") and 
(dns="*.neyvabank.ru")
;)

No effect.
How i can give rights to users for change passwords?

-- 
Stanislav