[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
ACL Problem, Insufficient access (50)
- To: <OpenLDAP-software@OpenLDAP.org>
- Subject: ACL Problem, Insufficient access (50)
- From: "Amir Saad" <Amir.Saad@bibalex.org>
- Date: Thu, 22 Dec 2005 16:19:16 +0200
- Content-class: urn:content-classes:message
- Thread-index: AcYHArEVH7uJKE6bTi+OqskQ8CG72g==
- Thread-topic: ACL Problem, Insufficient access (50)
i use openldap 2.3.11 , Heimdal Kerberos , Fedora 4
login authenticated through kerberos and i use ldap for user info (instead of NIS)
the problem is i cannot change password for any authenticated user using GSSAPI even with rootdn
i tried to use -x and it worked only with the rootdn
here is my ACL files: (manager is my rootdn)
*************************************************************************************************************************
access to dn.regex="uid=(.*),ou=People,dc=test,dc=domain,dc=mydomain,dc=org" attrs=userPassword
by dn="cn=Manager,dc=test,dc=domain,dc=mydomain,dc=org" write
by self write
by * auth
access to dn.regex="uid=(.*),ou=People,dc=test,dc=domain,dc=mydomain,dc=org"
by * read
access to dn.regex="uid=(.*),ou=People,dc=test,dc=domain,dc=mydomain,dc=org"
by self write
by * read
*************************************************************************************************************************
and here is the error:
**************************************************************************************************************************
ldappasswd -Y GSSAPI -S "uid=sonne,ou=People,dc=test,dc=domain,dc=mydomain,dc=org "
New password:
Re-enter new password:
SASL/GSSAPI authentication started
SASL username: sonne@TEST.DOMAIN.MYDOMAIN.ORG
SASL SSF: 56
SASL installing layers
Result: Insufficient access (50)
*****************************************************************************
i hope you can help!
thanks alot
Amir Saad
Software Engineer