
Re: ldapmodify: Insufficient access



Hi,
   Your slapd.conf file config is right; you can try a command like the one below:

    #ldappasswd -S -D"cn=Aaron, dc=liquidev, dc=com" -W -v -x

You must give the new password that you want to write in, and the old
password of that directory (the old password is the regular user bind
password; this password is the userPassword attr. of the DN cn=Aaron,
dc=liquidev, dc=com).

                                            lucky :P) by China, X.D.Chen

-----Original Message-----
From: Mark <markc@liquidev.com>
To: openldap-software@OpenLDAP.org <openldap-software@OpenLDAP.org>
Date: April 9, 2001 12:46
Subject: ldapmodify: Insufficient access


>Hello.
>
>I'm trying to install OpenLDAP to hold authentication information for my
>FTP users.  I've got it up and running, and can add and modify data as
>Manager.  I've also configured the ACLs in slapd as follows:
>
>--------------------------------------------------
>access to attr=userPassword
>       by self write
>       by anonymous auth
>       by dn="cn=Manager,dc=liquidev,dc=com" write
>       by * none
>
>access to *
>       by self write
>       by anonymous auth
>       by * read
>--------------------------------------------------
>
>However, when I try to modify the userPassword as a regular user, I get an
>Insufficient Access response.  The modification data looks like:
>
>--------------------------------------------------
>dn: cn=Aaron, dc=liquidev, dc=com
>changetype: modify
>replace: userPassword
>userPassword: {crypt}passwordremoved
>--------------------------------------------------
>
>When I turn on aggressive debugging, I see that I'm being authenticated
>but I'm not allowed to write:
>
>--------------------------------------------------
>=> access_allowed: write access to "cn=Aaron, dc=liquidev,
>dc=com" "userPassword" requested
>=> acl_get: [1] check attr userPassword
><= acl_get: [1] acl cn=Aaron, dc=liquidev, dc=com attr: userPassword
>=> acl_mask: access to entry "cn=Aaron, dc=liquidev, dc=com", attr
>"userPassword" requested
>=> acl_mask: to value by "CN=AARON,DC=LIQUIDEV,DC=COM", (=n)
><= check a_dn_pat: *
><= acl_mask: [1] applying read (=rscx) (stop)
><= acl_mask: [1] mask: read (=rscx)
>=> access_allowed: write access denied by read (=rscx)
>--------------------------------------------------
>
>I've searched google for the answer but have come up with nothing.  Can
>anyone help?  Thanks.
>
>-Mark Whittington
>Liquid Development
>
>--
>[ http://pgpkeys.mit.edu:11371/  -  search for markc@liquidev.com ]
>
>
>
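An added example (not part of either message above, and not OpenLDAP code): a small Python parser that condenses the slapd ACL trace quoted in the original message into which ACL and which `by` clause decided the request. The regular expressions are written against the trace lines on this page only, and treating the last `a_dn_pat` line as the clause that matched is an assumption.

```python
import re

# Trace lines taken from the quoted message above, with mail line wraps rejoined.
TRACE = '''\
=> access_allowed: write access to "cn=Aaron, dc=liquidev, dc=com" "userPassword" requested
=> acl_get: [1] check attr userPassword
<= acl_get: [1] acl cn=Aaron, dc=liquidev, dc=com attr: userPassword
=> acl_mask: access to entry "cn=Aaron, dc=liquidev, dc=com", attr "userPassword" requested
=> acl_mask: to value by "CN=AARON,DC=LIQUIDEV,DC=COM", (=n)
<= check a_dn_pat: *
<= acl_mask: [1] applying read (=rscx) (stop)
<= acl_mask: [1] mask: read (=rscx)
=> access_allowed: write access denied by read (=rscx)
'''

PATTERNS = {
    "request": re.compile(r'access_allowed: (\w+) access to "([^"]*)" "([^"]*)" requested'),
    "bound_dn": re.compile(r'acl_mask: to \w+ by "([^"]*)"'),
    "who": re.compile(r'check a_dn_pat: (.+)$'),
    "applied": re.compile(r'acl_mask: \[(\d+)\] applying (\w+) \(([^)]*)\) \((\w+)\)'),
    "result": re.compile(r'access_allowed: (\w+) access (granted|denied) by (\w+)'),
}

def summarize(trace):
    """Return which ACL and which <who> clause decided a single traced request."""
    out = {"who_checked": []}
    for line in trace.splitlines():
        for name, rx in PATTERNS.items():
            m = rx.search(line)
            if not m:
                continue
            if name == "request":
                out.update(level=m[1], entry=m[2], attr=m[3])
            elif name == "bound_dn":
                out["bound_dn"] = m[1]
            elif name == "who":
                out["who_checked"].append(m[1].strip())
            elif name == "applied":
                out.update(acl=int(m[1]), granted=m[2], mask=m[3], control=m[4])
            elif name == "result":
                out["decision"] = m[2]
    # Assumption: the last a_dn_pat checked before "applying" is the clause that matched.
    out["deciding_who"] = out["who_checked"][-1] if out["who_checked"] else None
    return out

if __name__ == "__main__":
    print(summarize(TRACE))
```

On this trace it reports that ACL [1] was decided by the `*` pattern, which granted read, so the write request was denied.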