[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ppolicy pwdReset

To: openldap-software@openldap.org
Subject: Re: ppolicy pwdReset
From: "Dieter Kluenter" <dieter@dkluenter.de>
Date: Sat, 26 Jul 2008 12:58:07 +0200
In-reply-to: <954617.27345.qm@web53905.mail.re2.yahoo.com> (greek ordono's message of "Sat, 26 Jul 2008 01:53:25 -0700 (PDT)")
References: <954617.27345.qm@web53905.mail.re2.yahoo.com>
User-agent: Gnus/5.1008 (Gnus v5.10.8) XEmacs/21.5-b28 (linux)

greek ordono <grexk@yahoo.com> writes:

> I'm getting this error:                                                                                  
>                                                                                                          
> => access_allowed: read access to "uid=techsupport,ou=Users,dc=moldex,dc=group" "userPassword" requested 
> => acl_get: [1] attr userPassword                                                                        
> => slap_access_allowed: result not in cache (userPassword)                                               
> => acl_mask: access to entry "uid=techsupport,ou=Users,dc=moldex,dc=group", attr "userPassword" requested
> => acl_mask: to value by "", (=0)                                                                        
> <= check a_dn_pat: cn=replicator,ou=dsa,dc=moldex,dc=group                                               
> <= check a_dn_pat: *                                                                                     
> <= acl_mask: [2] applying +0 (break)                                                                     
> <= acl_mask: [2] mask: =0                                                                                
> => acl_get: [2] attr userPassword                                                                        
> => slap_access_allowed: result not in cache (userPassword)                                               
> => acl_mask: access to entry "uid=techsupport,ou=Users,dc=moldex,dc=group", attr "userPassword" requested
> => acl_mask: to value by "", (=0)                                                                        
> <= check a_dn_pat: cn=samba,ou=dsa,dc=moldex,dc=group                                                    
> <= check a_dn_pat: cn=nssldap,ou=dsa,dc=moldex,dc=group                                                  
> <= check a_dn_pat: cn=squid,ou=dsa,dc=moldex,dc=group                                                    
> <= check a_dn_pat: self                                                                                  
> <= check a_dn_pat: anonymous                                                                             
> <= acl_mask: [5] applying auth(=xd) (stop)                                                               
> <= acl_mask: [5] mask: auth(=xd)                                                                         
> => slap_access_allowed: read access denied by auth(=xd)                                                  
> => access_allowed: no more rules                                                                         
> send_search_entry: conn 9 access to attribute userPassword, value #0 not allowed                         

For this search your rule no. 5 is applicable, and this rule disallows
read access to attribute userPassword.
Change your access rules accordingly.

-Dieter

-- 
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6

References:
- Re: ppolicy pwdReset
  - From: greek ordono <grexk@yahoo.com>

Prev by Date: Re: make output of ldapsearch readable (disable base64)
Next by Date: Re: make output of ldapsearch readable (disable base64)
Index(es):
- Chronological
- Thread