
Re: More on my password problem



All the config files for it are on:

   http://www.chadera.net/ldap

I agree with you about it being an access problem.

The ACL section from slapd.conf looks like:


# --------------------------------------------------------------------
# Access Control Policy
#

access  to attr=userPassword
       by dn="cn=Manager,dc=ldap-test,dc=com" write
       by self         write
       by anonymous    auth
       by *            none

access  to *
       by self write
       by *    read

-Ric



luiz@pucrs.br wrote:

Hi Ric

It seems to me (newbie) an ACL problem. Can you send your slapd.conf? I
think it would be interesting to send /etc/pam.d/passwd too.
Is there something like this in your slapd.conf?

<snip>

# ACLs
password-hash {CRYPT}
access to attribute=userPassword
       by self write
       by dn="cn=admin,dc=my,dc=domain" write
       by dn="cn=proxyagent,ou=contasIT,dc=my,dc=domain" read
       by * compare
access to *
       by * read

<snip>

Best regards



"Tibbetts, Ric" <ric.tibbetts@ngc.com>
Sent by: owner-openldap-software@OpenLDAP.org
28/07/2003 14:19

To: openldap-software@OpenLDAP.org
cc:
Subject: More on my password problem




All; I stumbled on this. Apparently, my password problem is worse than I thought.

The set up:
            Server:  Solaris 9.0 w/OpenLdap 2.1.22
            client:  Redhat 8.0 & 9 with default ldap instl.

If (on the client, logged in as the user), I type passwd, I get an
Authentication error.

If (as root) I type "id <user>", I get the correct uid, and group
entries. No problem there.
But, if as root, I type "passwd -S <user>", I get: "Unknown user"

So, for some reason, the passwd command is failing to authenticate.
(BTW: The user IS able to log in. So "login" authenticates fine, it's
just passwd that doesn't).

I'd really appreciate any thoughts on this.

Thanks!

Ric
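
Added example, not part of the original thread: a small Python model of how slapd chooses an access level from the two ACL blocks quoted above (first matching `access to` clause, then first matching `by` clause, with the implicit `by * none`). DN matching is simplified to a case-insensitive string comparison, and the `uid=...` DNs are constructed for illustration.

```python
# Simplified model of slapd.conf ACL evaluation (added example, not slapd code).
# Access levels are cumulative: each one implies every level before it.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

# ACL from Ric's slapd.conf, as (target attribute, [(who, level), ...]).
RIC_ACL = [
    ("userPassword", [("cn=Manager,dc=ldap-test,dc=com", "write"),
                      ("self", "write"),
                      ("anonymous", "auth"),
                      ("*", "none")]),
    ("*", [("self", "write"), ("*", "read")]),
]
# ACL from Luiz's reply.
LUIZ_ACL = [
    ("userPassword", [("self", "write"),
                      ("cn=admin,dc=my,dc=domain", "write"),
                      ("cn=proxyagent,ou=contasIT,dc=my,dc=domain", "read"),
                      ("*", "compare")]),
    ("*", [("*", "read")]),
]
# Constructed sample DNs (assumptions, not taken from the thread).
USER = "uid=ric,ou=People,dc=ldap-test,dc=com"
OTHER = "uid=someone,ou=People,dc=ldap-test,dc=com"

def who_matches(who, bind_dn, entry_dn):
    """bind_dn is None for an anonymous (unauthenticated) session."""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if bind_dn is None:
        return False
    target = entry_dn if who == "self" else who
    return bind_dn.lower() == target.lower()

def granted(acl, bind_dn, entry_dn, attr):
    """Level from the first matching clause, else the implicit 'none'."""
    for target, by_clauses in acl:
        if target != "*" and target.lower() != attr.lower():
            continue
        for who, level in by_clauses:
            if who_matches(who, bind_dn, entry_dn):
                return level
        return "none"  # clause matched, no "by" did: implicit "by * none"
    return "none"      # nothing matched: implicit "access to * by * none"

def allows(acl, bind_dn, entry_dn, attr, wanted):
    level = granted(acl, bind_dn, entry_dn, attr)
    return LEVELS.index(level) >= LEVELS.index(wanted)
```

Comparing `granted(RIC_ACL, OTHER, USER, "userPassword")` with the same call for an anonymous session (`bind_dn=None`) shows which identities each ACL lets near the password attribute.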