[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ppolicy pwdReset

To: openldap-software@openldap.org, Dieter Kluenter <dieter@dkluenter.de>
Subject: Re: ppolicy pwdReset
From: greek ordono <grexk@yahoo.com>
Date: Sat, 26 Jul 2008 01:53:25 -0700 (PDT)
In-reply-to: <87r69hm48d.fsf@magenta.l4b.de>

I'm getting this error:

=> access_allowed: read access to "uid=techsupport,ou=Users,dc=moldex,dc=group" "userPassword" requested
=> acl_get: [1] attr userPassword
=> slap_access_allowed: result not in cache (userPassword)
=> acl_mask: access to entry "uid=techsupport,ou=Users,dc=moldex,dc=group", attr "userPassword" requested
=> acl_mask: to value by "", (=0)
<= check a_dn_pat: cn=replicator,ou=dsa,dc=moldex,dc=group
<= check a_dn_pat: *
<= acl_mask: [2] applying +0 (break)
<= acl_mask: [2] mask: =0
=> acl_get: [2] attr userPassword
=> slap_access_allowed: result not in cache (userPassword)
=> acl_mask: access to entry "uid=techsupport,ou=Users,dc=moldex,dc=group", attr "userPassword" requested
=> acl_mask: to value by "", (=0)
<= check a_dn_pat: cn=samba,ou=dsa,dc=moldex,dc=group
<= check a_dn_pat: cn=nssldap,ou=dsa,dc=moldex,dc=group
<= check a_dn_pat: cn=squid,ou=dsa,dc=moldex,dc=group
<= check a_dn_pat: self
<= check a_dn_pat: anonymous
<= acl_mask: [5] applying auth(=xd) (stop)
<= acl_mask: [5] mask: auth(=xd)
=> slap_access_allowed: read access denied by auth(=xd)
=> access_allowed: no more rules
send_search_entry: conn 9 access to attribute userPassword, value #0 not allowed

--- On Sat, 7/26/08, Dieter Kluenter <dieter@dkluenter.de> wrote:

From: Dieter Kluenter <dieter@dkluenter.de>
Subject: Re: ppolicy pwdReset
To: openldap-software@openldap.org
Date: Saturday, July 26, 2008, 3:06 PM

Hi,

greek ordono <grexk@yahoo.com> writes:

> Hello,                         
                                           
>                                                                           
> I getting the following error:                                            
> "LDAP password information update failed: Insufficient access        
    
> Operations are restricted to bind/unbind/abandon/StartTLS/modify
password"
>                                                                           
> when I try to add pwdReset on users.                                      

Run slapd -d acl

-Dieter

-- 
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6

Follow-Ups:
- Re: ppolicy pwdReset
  - From: "Dieter Kluenter" <dieter@dkluenter.de>

References:
- Re: ppolicy pwdReset
  - From: "Dieter Kluenter" <dieter@dkluenter.de>

Prev by Date: Re: make output of ldapsearch readable (disable base64)
Next by Date: Re: make output of ldapsearch readable (disable base64)
Index(es):
- Chronological
- Thread