By default only a few administrative users have write access to the LDAP database. Before your users may change their settings you must allow them to change their LDAP data.
Hint: The ACLs below are not required if you decide to run all operations as the LDAP bind user (option "Use for all operations").
This can be done by adding ACLs to your slapd.conf or slapd.d/cn=config/olcDatabase={1}bdb.ldif which look similar to these:
access to
attrs=userPassword
by self write
by anonymous auth
by * none
access to
attrs=mail,sn,givenName,telephoneNumber,mobile,facsimileTelephoneNumber,street,postalAddress,postOfficeBox,postalCode,roomNumber,shadowLastChange,passwordSelfResetAnswer,passwordSelfResetQuestion,passwordSelfResetBackupMail
by self write
by * read
If you do not want them to change all attributes then reduce the list to fit your needs. Some modules may require additional LDAP attributes. You can use the tree view to get the technical attribute names e.g. by selecting an user account.
Usually, the slapd.conf file is located in /etc/ldap or /etc/openldap.