
Re: [Fwd: Re: userPasswd problem]



My own solution to this.

	My users are on win2k clients, and change the password on the win2k
client via samba. Samba uses smbldap-passwd (from samba-tng) as password
program. I alter this to modify the userPassword attribute in ldapDB
instead of calling ldappasswd.
This is the only solution I've found, but please tell me if I'm wrong.

regards 
roger

On Fri, 2002-05-17 at 14:49, Roger Helgesen wrote:
> I've narrowed it down to that this only happens when I have a replogfile
> directive in slapd.conf.
> I really need some help here.
> 
> regards roger
> On Wed, 2002-05-15 at 14:41, Roger Helgesen wrote:
> > 
> > 
> > I've now tested my replication and it works. The one problem (as far
> > as I know) I have is changing the password (userPassword).
> > 'ldappasswd -x -D "cn=JokkeManager,dc=htg,dc=org" -w secret username -s
> > newsecret'
> > 
> > Result: DSA is unwilling to perform (53)
> >  Additional info: authorization database is a read-only replica
> > 
> > As you can see, I'm running the ldappasswd command as rootdn and still get
> > this error!
> > Is there anyone who can help me with this?
> > 
> > regards
> > Roger Helgesen
> > 
> > Slapd.conf (I've taken out all the comments to save space)
> > 
> > ###############################
> > 
> > include		/etc/openldap/schema/core.schema
> > include		/etc/openldap/schema/cosine.schema
> > include		/etc/openldap/schema/inetorgperson.schema
> > include		/etc/openldap/schema/nis.schema
> > include		/etc/openldap/schema/redhat/rfc822-MailMember.schema
> > include		/etc/openldap/schema/redhat/autofs.schema
> > include		/etc/openldap/schema/redhat/kerberosobject.schema
> > include		/etc/openldap/schema/sambatng.schema-v3-egen
> > include		/etc/openldap/schema/qmail.schema
> > include		/etc/openldap/schema/qmailControl.schema
> > 
> > 
> > ####    My access lists
> > 
> > access to dn=".*,dc=htg,dc=org" attr=userPassword
> > 	by self write
> > 	by dn="cn=PondusManager,dc=htg,dc=org" write
> > 	by dn="uid=root,ou=SystemBrukere,dc=htg,dc=org" write
> > 	by * auth
> > 	
> > access to dn=".*,dc=htg,dc=org" 
> > 	by self write
> > 	by dn="cn=PondusManager,dc=htg,dc=org" write
> > 	by * read
> > 
> > access to *
> > 	by dn="cn=ReplicaMasterJokke,dc=htg,dc=org" write
> > 	by * read
> > 
> > access to * by * read
> > 
> > #######################################################################
> > # ldbm database definitions
> > ######################################################################
> > loglevel 264
> > 
> > database	ldbm
> > suffix		"dc=htg,dc=org"
> > rootdn		"cn=JokkeManager,dc=htg,dc=org" 
> > rootpw		{MD5}XsAM4fAnjvju4pOM9oOrYA==
> > 
> > password-hash {md5}
> > 
> > directory	/var/lib/ldap
> > # Indices to maintain
> > index	objectClass,uid,uidNumber,gidNumber,memberUid	eq
> > index	cn,mail,surname,givenname			eq,subinitial
> > index	rid						eq
> > 
> > # Replicas to which we should propagate changes
> > replica host=pondus.hau.htg.org:389 
> > 	binddn="cn=JokkeManager,dc=htg,dc=org"
> > 	bindmethod=simple 
> > 	credentials=Yfw98ah7
> > 
> > replogfile /var/lib/ldap/master-slapd.replog
> > 
> > updatedn	cn=PondusManager,dc=htg,dc=org
> > 
> > ########################################################
> > 
> > On Tue, 2002-05-14 at 10:49, Roger Helgesen wrote:
> > > Hi !
> > > 
> > > I've patched OpenLDAP 2.0.23-4 with the multimaster patch
> > > (http://www.openldap.org/lists/openldap-software/200204/msg00681.html)
> > > 
> > > After that (I believe that's when the prob. started) I cannot change
> > > userPasswd for users. New users do not get a passwd either.
> > > 
> > > The userPasswd attr says {crypt}x
> > > 
> > > When I try to change a user's passwd with 
> > > 
> > > 'ldappasswd -x -D "cn=manager,dc=htg,dc=org" -w secret username' I get
> > > 
> > > Result: DSA is unwilling to perform (53)
> > > Additional info: authorization database is a read-only replica
> > > 
> > > I'm confused. Adding and deleting users works fine. And also changing
> > > smb passwd (via smbldap-passwd.pl) works fine. 
> > > 
> > > smbldap-passwd should change both passwd, and it did before
> > > 
> > > Could anyone help me?
> > > 
> > > I'm a novice at LDAP. Do you need more info, slapd.conf, ldap.conf?
> > > 
> > > regards 
> > > Roger Helgesen
> > > 
> > > 
> > > 
> > 
> > 
>