[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Password Problems

To: Yossef Korang <yossef@yossefk.com>
Subject: Re: Password Problems
From: Craig Squires <csquires@math.mun.ca>
Date: Tue, 8 Jul 2003 14:51:58 -0230 (NDT)
Cc: openldap-software@OpenLDAP.org
In-reply-to: <3F0AF6AF.7070302@yossefk.com>

On Tue, 8 Jul 2003, Yossef Korang wrote:

> I'm still having difficult with changing the password for a user.  I've 
> looked at the logs, error messages, and through debugging(and give them 
> below), and I have no clue what the problem could be.  Any help at 
> resolving this problem would be much appreciated as I cannot see what is 
> causing the problem in the first place...
> 
> slapd debug:

[...]

> => access_allowed: auth access to
> "uid=yossefk,dc=solomon,dc=physics,dc=sc,dc=edu" "userPassword" requested
> => acl_get: [1] check attr userPassword
> <= acl_get: [1] acl uid=yossefk,dc=solomon,dc=physics,dc=sc,dc=edu attr:
> userPassword
> => acl_mask: access to entry 
> "uid=yossefk,dc=solomon,dc=physics,dc=sc,dc=edu",
> attr "userPassword" requested
> => acl_mask: to all values by "", (=n)

That's the default "deny all" clause... Now it goes through your clause
in sequence...

> <= check a_dn_pat: uid=root,dc=solomon,dc=physics,dc=sc,dc=edu
> => string_expand: pattern:  uid=root,dc=solomon,dc=physics,dc=sc,dc=edu
> => string_expand: expanded: uid=root,dc=solomon,dc=physics,dc=sc,dc=edu
> => regex_matches: string:
> => regex_matches: rc: 1 no matches

...root: no match

> <= check a_dn_pat: anonymous
> <= acl_mask: [2] applying auth(=x) (stop)
> <= acl_mask: [2] mask: auth(=x)
> => access_allowed: auth access granted by auth(=x)

...anonymous: match (end of game...)

[...]

> ACL's in slapd.conf:
> access to attribute=userPassword
>         by dn="uid=root,dc=solomon,dc=physics,dc=sc,dc=edu" write
>         by anonymous auth
>         by self write
>         by * auth
> access to * by * read

Try changing this to:

access to attribute=userPassword
        by dn="uid=root,dc=solomon,dc=physics,dc=sc,dc=edu" write
        by self write
        by * read
        by anonymous auth

Craig

-- 
........................................................................
$Id: mathdeptsysadmin,v 2.0 Tue Jul  8 14:37:37 2003 Craig Squires Exp $
Your excuse is: That's easy to fix, but I can't be bothered.
[Excuse courtesy of The BOFH-style Excuse Server: nc riemann excuses]

Follow-Ups:
- Re: Password Problems
  - From: Yossef Korang <yossef@yossefk.com>

References:
- Password Problems
  - From: Yossef Korang <yossef@yossefk.com>

Prev by Date: OpenLDAP 2.1.22 ldapadd error 80
Next by Date: Re: Password Problems
Index(es):
- Chronological
- Thread