[Date Prev][Date Next] [Chronological] [Thread] [Top]

re: access - some success, some failure

To: squeegy+ldap@squeegy.org
Subject: re: access - some success, some failure
From: "Antonín Novak" <noc@cca.cz>
Date: Thu, 27 Jan 2000 14:44:13 +0100
Cc: openldap-software@OpenLDAP.org
In-reply-to: <Pine.LNX.4.21.0001250825370.18398-100000@wiggles.squeegy.org>

I don't know if yours is the same problem as mine, but I was 
experiencing the same sort of problem.

I used the -t option to target the dn I wanted to amend the 
password for.


My LDAPPASSWD command was a  follows:-

./ldappasswd -p 390 -b "dc=pokuscca,dc=cz"  -D "
cn=noc,dc=pokuscca,dc=cz" -t "cn=zzz,dc=pokuscca,dc=cz" -W.

Where noc is a user who has the authority to write to attr 
userpassword and zzz is the user I am changing the password for.

It also works if I specify zzz instead of noc.

My Conf file looks like this:
access to attr=userpassword
        by self write
        by dn="cn=noc,dc=pokuscca,dc=cz" write
        by * none

I hope this is of help.


On 25 Jan 00, at 9:20, squeegy+ldap@squeegy.org wrote:

> Thank you to Kurt, David and everyone else that has helped.  I really
> appreciate it.
> 
> I have part of my slapd.conf at the end of this message 
> 
> Thing that work:
> 
> No-one can search anonymously - excelent
> I can login and search from Netscape - most excelent
> 
> Things that don't:
> 
> When I get my search results back from Netscape, I select a
> record to display it fully and I get "Not found" from Netscape.  
> Why am I getting search results but can't display the entire record?
> When I do a search with ldapsearch, i am getting the entire record.
> 
> When i try to change a password with ldappasswd like so:
> 
> ldappasswd -D "cn=JT Chiodi,ou=Employee,dc=amsite,dc=com" -b "dc=amsite,dc=com"
> 
> I get:
> 
> New password: 
> Re-enter new password: 
> ldap_modify: Insufficient access
> 
> Shouldn't I be able to change my ldappasswd with my current access?
> 
> Can i use the passwd field from the /etc/shadow file on a Red Hat 6.1
> system instead of ldappasswd to have encrypted passwords?  I remember
> reading somewhere that this was possible for the root password in the
> slapd.conf.  Is it possible in the directory itself?
> 
> slapd.cof - access section
> ##########################################################################
> 
> access to attr=owner
>         by dnattr=owner write
>         by * read
> 
> access to attr=entry
>         by self write
>         by dnattr=owner write
>         by dn=".+" read
>         by * read
> 
> access to attr=cn,givenName,sn,uid,mail
>         by self write
>         by dnattr=owner write
>         by dn=".+" read
>         by * search
> 
> access to attr=userpassword
>         by self write
>         by dnattr=owner write
>         by * none
> 
> access to *       
> 	by self write
>         by dnattr=owner write
>         by dn=".+" read
>         by * none
> 
> index cn,sn,uid,mail
> index objectclass pres,eq
> index default none
> 
> 
> 
> ___________________
> 
> Jt "The Squeegy" Chiodi
> 
> http://www.squeegy.org/
> squeegy@squeegy.org

References:
- re: access - some success, some failure
  - From: squeegy+ldap@squeegy.org

Prev by Date: why would ldap_open() set errno 2?
Next by Date: less access
Index(es):
- Chronological
- Thread