re: access - some success, some failure
I don't know if yours is the same problem as mine, but I was
experiencing the same sort of problem.
I used the -t option to target the dn I wanted to amend the
password for.
My LDAPPASSWD command was as follows:
    ./ldappasswd -p 390 -b "dc=pokuscca,dc=cz" -D "cn=noc,dc=pokuscca,dc=cz" -t "cn=zzz,dc=pokuscca,dc=cz" -W
Where noc is a user who has the authority to write to attr
userpassword and zzz is the user I am changing the password for.
It also works if I specify zzz instead of noc.
My Conf file looks like this:
    access to attr=userpassword
        by self write
        by dn="cn=noc,dc=pokuscca,dc=cz" write
        by * none
I hope this is of help.
On 25 Jan 00, at 9:20, squeegy+ldap@squeegy.org wrote:
> Thank you to Kurt, David and everyone else that has helped. I really
> appreciate it.
>
> I have part of my slapd.conf at the end of this message
>
> Things that work:
>
> No-one can search anonymously - excellent
> I can login and search from Netscape - most excellent
>
> Things that don't:
>
> When I get my search results back from Netscape, I select a
> record to display it fully and I get "Not found" from Netscape.
> Why am I getting search results but can't display the entire record?
> When I do a search with ldapsearch, I am getting the entire record.
>
> When I try to change a password with ldappasswd like so:
>
> ldappasswd -D "cn=JT Chiodi,ou=Employee,dc=amsite,dc=com" -b "dc=amsite,dc=com"
>
> I get:
>
> New password:
> Re-enter new password:
> ldap_modify: Insufficient access
>
> Shouldn't I be able to change my ldappasswd with my current access?
>
> Can I use the passwd field from the /etc/shadow file on a Red Hat 6.1
> system instead of ldappasswd to have encrypted passwords? I remember
> reading somewhere that this was possible for the root password in the
> slapd.conf. Is it possible in the directory itself?
>
> slapd.conf - access section
> ##########################################################################
>
> access to attr=owner
>     by dnattr=owner write
>     by * read
>
> access to attr=entry
>     by self write
>     by dnattr=owner write
>     by dn=".+" read
>     by * read
>
> access to attr=cn,givenName,sn,uid,mail
>     by self write
>     by dnattr=owner write
>     by dn=".+" read
>     by * search
>
> access to attr=userpassword
>     by self write
>     by dnattr=owner write
>     by * none
>
> access to *
>     by self write
>     by dnattr=owner write
>     by dn=".+" read
>     by * none
>
> index cn,sn,uid,mail
> index objectclass pres,eq
> index default none
>
>
>
> ___________________
>
> Jt "The Squeegy" Chiodi
>
> http://www.squeegy.org/
> squeegy@squeegy.org
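
Added example, not part of either message and not slapd's own code: a simplified Python model of how the userpassword access clause in the reply is evaluated, where the first "by" line that matches the bound DN decides. The function names, the anchored dn= matching, and the `default` parameter are assumptions of this sketch; dnattr= is not modelled.

```python
import re
import shlex

LEVELS = ["none", "compare", "search", "read", "write"]  # weakest to strongest

# The access clause from the reply, re-typed here as sample input.
CONF = '''
access to attr=userpassword
    by self write
    by dn="cn=noc,dc=pokuscca,dc=cz" write
    by * none
'''

def parse_acl(text):
    """Return [(attrs or None for '*', [(who, level), ...]), ...] in file order."""
    rules = []
    for line in text.splitlines():
        words = shlex.split(line, comments=True)
        if words[:2] == ["access", "to"]:
            what = words[2]
            attrs = None if what == "*" else what.split("=", 1)[1].lower().split(",")
            rules.append((attrs, []))
        elif words[:1] == ["by"] and rules:
            rules[-1][1].append((words[1], words[2]))
    return rules

def who_matches(who, bind_dn, target_dn):
    if who == "*":
        return True
    if who == "self":
        return bool(bind_dn) and bind_dn.lower() == target_dn.lower()
    if who.startswith("dn="):
        # Assumption of this sketch: the pattern is matched anchored.
        return re.fullmatch(who[3:], bind_dn, re.IGNORECASE) is not None
    return False  # dnattr= and other forms are not modelled

def granted(rules, bind_dn, target_dn, attr, default="none"):
    """Level granted by the first clause covering attr; `default` is a sketch parameter."""
    for attrs, clauses in rules:
        if attrs is None or attr.lower() in attrs:
            for who, level in clauses:
                if who_matches(who, bind_dn, target_dn):
                    return level
            return "none"  # clause applied but no "by" line matched
    return default

def can_write(rules, bind_dn, target_dn, attr="userPassword"):
    return LEVELS.index(granted(rules, bind_dn, target_dn, attr)) >= LEVELS.index("write")

RULES = parse_acl(CONF)
```

Calling can_write(RULES, bind_dn, target_dn) with the noc and zzz DNs from the reply reproduces the behaviour described there; any other bind DN, including an empty (anonymous) one, falls through to "by * none".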