[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: GSSAPI fails?
Did you set ACLs to grant each user to modify its loginshell entry?
Something like this should do:
# Allow users to change their login shell by themselves
access to attrs=loginShell
by self write
Diego
On Mon, 10 May 2004, Sensei wrote:
> Hi.
>
> I've set up a kerberos realm and now I'm trying to make openldap use k5
> credential, without success.
>
> First, I'm using debian stable, so I'm using ldap 2.0.23. I know it has
> some incompatibilities and so I have NO suffix (base DN).
>
> My realm is PLM.A.B.COM, the ldap/kdc server is plm.a.b.com. I can log
> in with a ldap user, it gets the right tickets, but when I try to modify
> my loginShell attribute I get this:
>
>
> $ ldapmodify -v -f user.ldif
> SASL/GSSAPI authentication started
> SASL SSF: 56
> SASL installing layers
> modifying entry "uid=ldaptest"
> replace loginShell:
> /bin/bash
> ldap_modify: Insufficient access
>
> ldif_record() = 50
> $
>
>
> What should I do?
>
> --
> Sensei <mailto:senseiwa@tin.it>
> <icqnum:241572242>
> <msn-id:Sensei_Sen@hotmail.com>
> Error: Keyboard not found. Press F1 to continue...
>