
LDAP password information update failed: Server is unwilling to perform shadow context; no update referral



Subject: LDAP password information update failed: Server is unwilling to perform shadow context; no update referral


Hello,
I am trying to change a password on a customer, to a referral through an overlay chain config.
I get the answer: LDAP password information update failed: Server is unwilling to perform.
OS REDHAT 5.2.
openldap openldap-2.4.16

Could you help me?

Thanks

Enter login(LDAP) password:
New UNIX password:
Retype new UNIX password:
LDAP password information update failed: Server is unwilling to perform
shadow context; no update referral
passwd: Permission denied

Master conf ldap-v000
----------------------

overlay syncprov
syncprov-checkpoint 100 10

# allow the world read access
access to *
 by dn="cn=Manager,dc=mydomaine,dc=mydomaine2,dc=fr" write
 by dn="cn=samba,dc=mydomaine,dc=mydomaine2,dc=fr" write
 by dn.base="cn=replication_ldap,dc=mydomaine,dc=mydomaine2,dc=fr" write
 by self write
 by * read

# restrict userPassword for authentication only, allowing changes by user

access to attrs=userPassword
 by dn="cn=Manager,dc=mydomaine,dc=mydomaine2,dc=fr" write
 by dn="cn=samba,dc=mydomaine,dc=mydomaine2,dc=fr" write
 by dn.base="cn=replication_ldap,dc=mydomaine,dc=mydomaine2,dc=fr" write
 by self write
 by * none


Slave conf 
----------
overlay         chain
chain-uri       ldap://ldap-v000/
chain-idassert-bind     bindmethod=simple
                        binddn="cn=replication_ldap,dc=mydomaine,dc=mydomaine2,dc=fr"
                        credentials=secret
                        mode=self
                        flags=non-prescriptive


# allow the world read access
access to *
 by dn="cn=Manager,dc=mydomaine,dc=mydomaine2,dc=fr" write
 by dn="cn=samba,dc=mydomaine,dc=mydomaine2,dc=fr" write
 by dn.base="cn=replication_ldap,dc=mydomaine,dc=mydomaine2,dc=fr" write
 by self write
 by * read

# restrict userPassword for authentication only, allowing changes by user
#access to dn.subtree="ou=Aliases,dc=mydomaine,dc=mydomaine2,dc=fr" by * read

access to attrs=userPassword
 by dn="cn=Manager,dc=mydomaine,dc=mydomaine2,dc=fr" write
 by dn="cn=samba,dc=mydomaine,dc=mydomaine2,dc=fr" write
 by dn.base="cn=replication_ldap,dc=mydomaine,dc=mydomaine2,dc=fr" write
 by self write
 by * none
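
Added example, not part of the original post: slapd returns "shadow context; no update referral" for a write to a replica database that has no `updateref`, so the chain overlay has no referral to follow; the consumer-side slapd.conf fragment below adds it and also moves the userPassword ACL first, since slapd stops at the first matching `access to` clause. Assumptions: the chain overlay is declared in the global section, the existing `database`, `suffix` and `syncrepl` lines (not shown in the post) stay unchanged, and TLS availability on ldap-v000 is not known.

```conf
# --- global section, before the first "database" line ---
overlay                 chain
chain-uri               ldap://ldap-v000/
chain-idassert-bind     bindmethod=simple
                        binddn="cn=replication_ldap,dc=mydomaine,dc=mydomaine2,dc=fr"
                        credentials=secret
                        mode=self
                        flags=non-prescriptive
# Return the master's error to the client instead of the bare referral
chain-return-error      TRUE
# Assumption: only if TLS is set up on ldap-v000. Without it the bind
# credentials and the new password cross the network in clear text.
#chain-tls              start

# --- consumer database section (existing database/suffix/syncrepl lines stay) ---
# Referral returned for writes on this replica; the chain overlay follows it.
# Its absence is what produces "shadow context; no update referral".
updateref               ldap://ldap-v000/

# Most specific rule first: with "access to *" listed first, this clause is
# never evaluated and "by * read" also applies to userPassword.
access to attrs=userPassword
 by dn="cn=Manager,dc=mydomaine,dc=mydomaine2,dc=fr" write
 by dn="cn=samba,dc=mydomaine,dc=mydomaine2,dc=fr" write
 by dn.base="cn=replication_ldap,dc=mydomaine,dc=mydomaine2,dc=fr" write
 by self write
 # needed once this clause is reached, otherwise simple binds fail
 by anonymous auth
 by * none

access to *
 by dn="cn=Manager,dc=mydomaine,dc=mydomaine2,dc=fr" write
 by dn="cn=samba,dc=mydomaine,dc=mydomaine2,dc=fr" write
 by dn.base="cn=replication_ldap,dc=mydomaine,dc=mydomaine2,dc=fr" write
 by self write
 by * read
```

With `mode=self` the master must also accept the asserted identity: `authz-policy to` in its slapd.conf and an `authzTo` value on the replication_ldap entry, as described in slapd-ldap(5).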