[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
ACL issue: "Insufficient access"
I've just installed LDAP and changed authentication from shadow to LDAP
for all my users. Everything went on smooth without complaints until
people tried to change their passwords. When I tried to do it myself
this is what happened:
bash-2.05$ passwd
Enter login(LDAP) password:
New password:
Retype new password:
LDAP password information update failed: Insufficient access
passwd: Permission denied
I traced down the problem and came to the conclusion that it has nothing
to do with PAM, it is a matter of permisions on the directory, users can
perform searchs like this just fine:
dpuertas@gandalf:~$ ldapsearch -D "uid=dpuertas, ou=Empleado, ou=Reduc,
ou=DireccionSuperior, ou=People, dc=uc, dc=edu, dc=ve" -x -W
'(uid=dpuertas)'
But when they try to modify their own entry, LDAP tells them they have
insufficient access:
dpuertas@gandalf:~$ ldapmodify -D "uid=dpuertas, ou=Empleado, ou=Reduc,
ou=DireccionSuperior, ou=People, dc=uc, dc=edu, dc=ve" -x -W -f
diego2.ldif
Enter LDAP Password:
modifying entry "uid=dpuertas, ou=Empleado, ou=Reduc,
ou=DireccionSuperior, ou=People, dc=uc, dc=edu, dc=ve"
ldap_modify: Insufficient access
ldif_record() = 50
Now, you would asume that the problem is in the ACLs, but they are just
fine (at least that's what I think :); these are my ACLs and, as you can
see, self can write:
access to dn="" by * read
access to *
by self write
by users read
by anonymous auth
Any help will be appreciated
--
Ing. Diego A. Puertas Fernández
Analista Programador
Universidad de Carabobo RedUC
Usuario Linux #114434