
Problems allowing users to change their own passwords



I know this is an old issue and I've searched on the net and tried those, but haven't had any luck. I'm using openldap 2.3.43.

In /etc/openldap/slapd.conf, I have set:

access to attrs=userPassword,shadowLastChange
 by self write
 by anonymous auth
 by * none

(Of course restarted the slapd), but no luck.  Insufficient permissions.

The logs show the account binding successfully, but then: vm001 slapd[pid]: => access_allowed: backend default write access denied to "uid=james,ou=Users,o=dallas"

The complete logs are below. As a test I even tried giving global write access to the password, but it still doesn't work. (The only one who is able to change a user's password is the Directory administrator.)

General log:
------------
vm001 slapd[pid]: conn=2 fd=17 ACCEPT from IP=127.0.0.1:36479 (IP=0.0.0.0:389)
vm001 slapd[pid]: conn=2 op=0 BIND dn="uid=james,ou=users,o=masprt" method=128
vm001 slapd[pid]: conn=2 op=0 BIND dn="uid=james,ou=users,o=masprt" mech=SIMPLE ssf=0
vm001 slapd[pid]: conn=2 op=0 RESULT tag=97 err=0 text=
vm001 slapd[pid]: conn=2 op=1 PASSMOD id="uid=james,ou=users,o=masprt" new
vm001 slapd[pid]: conn=2 op=2 UNBIND
vm001 slapd[pid]: conn=2 op=1 RESULT oid= err=50 text=
vm001 slapd[pid]: conn=2 fd=17 closed

With Debugging with ACL Listing:
--------------------------------

vm001 slapd[pid]: conn=5 fd=16 ACCEPT from IP=127.0.0.1:47612 (IP=0.0.0.0:389)
vm001 slapd[pid]: conn=5 op=0 BIND dn="uid=james,ou=users,o=masprt" method=128
vm001 slapd[pid]: => access_allowed: auth access to "uid=james,ou=Users,o=masprt" "userPassword" requested
vm001 slapd[pid]: => access_allowed: backend default auth access granted to "(anonymous)"
vm001 slapd[pid]: conn=5 op=0 BIND dn="uid=james,ou=Users,o=masprt" mech=SIMPLE ssf=0
vm001 slapd[pid]: conn=5 op=0 RESULT tag=97 err=0 text=
vm001 slapd[pid]: conn=5 op=1 PASSMOD id="uid=james,ou=users,o=masprt" new
vm001 slapd[pid]: => access_allowed: backend default write access denied to "uid=james,ou=Users,o=masprt"
vm001 slapd[pid]: conn=5 op=1 RESULT oid= err=50 text=
vm001 slapd[pid]: conn=5 op=2 UNBIND
vm001 slapd[pid]: conn=5 fd=16 closed

Any help or idea would be appreciated.

thanks,
James
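
Added example, not part of the original post: a small Python triage script that reads slapd log lines in the format shown above, finds PASSMOD operations that ended with err=50, and attaches the `access_allowed` decision logged for each. The function name, the record fields and the conn=6 sample lines are constructed for illustration.

```python
import re

# Constructed sample in the excerpt's format; conn=6 is invented for contrast.
SAMPLE = """\
vm001 slapd[pid]: conn=5 op=0 BIND dn="uid=james,ou=users,o=masprt" method=128
vm001 slapd[pid]: conn=5 op=0 RESULT tag=97 err=0 text=
vm001 slapd[pid]: conn=5 op=1 PASSMOD id="uid=james,ou=users,o=masprt" new
vm001 slapd[pid]: => access_allowed: backend default write access denied to "uid=james,ou=Users,o=masprt"
vm001 slapd[pid]: conn=5 op=2 UNBIND
vm001 slapd[pid]: conn=5 op=1 RESULT oid= err=50 text=
vm001 slapd[pid]: conn=6 op=1 PASSMOD id="cn=admin,o=masprt" new
vm001 slapd[pid]: conn=6 op=1 RESULT oid= err=0 text=
"""

OP_RE = re.compile(r'conn=(\d+) op=(\d+) (\w+)(.*)')
ACL_RE = re.compile(r'=> access_allowed: (.+) (\w+) access (granted|denied) to "([^"]*)"')
INSUFFICIENT_ACCESS = 50  # LDAP result code insufficientAccessRights


def failed_passmods(log_text):
    """Return one record per PASSMOD operation that ended with err=50."""
    pending = {}    # (conn, op) -> PASSMOD record still waiting for its RESULT
    last_op = None  # ACL debug lines carry no conn/op, so attach them by position
    findings = []
    for line in log_text.splitlines():
        m = OP_RE.search(line)
        if m:
            key = (int(m.group(1)), int(m.group(2)))
            verb, rest = m.group(3), m.group(4)
            if verb == "PASSMOD":
                target = re.search(r'id="([^"]*)"', rest)
                pending[key] = {"conn": key[0], "op": key[1],
                                "target": target.group(1) if target else None,
                                "acl": []}
            elif verb == "RESULT" and key in pending:
                # Match on (conn, op): the excerpt logs UNBIND before this RESULT.
                record = pending.pop(key)
                err = re.search(r'\berr=(\d+)', rest)
                if err and int(err.group(1)) == INSUFFICIENT_ACCESS:
                    findings.append(record)
            last_op = key
            continue
        acl = ACL_RE.search(line)
        if acl and last_op in pending:
            source, level, decision, dn = acl.groups()
            pending[last_op]["acl"].append(
                {"source": source, "level": level, "decision": decision, "dn": dn})
    return findings
```

Attaching ACL lines to the most recent operation is a positional heuristic; on a server handling several connections at once the debug lines of different operations can interleave.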