[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Problems allowing users to change their own passowrds
I know this is an old issue and I've searched on the net and tried
those, but haven't had any luck. I'm using openldap 2.3.43.
In /etc/openldap/slapd.conf, I have set:
access to attrs=userPassword,shadowLastChange
by self write
by anonymous auth
by * none
(Of course restarted the slapd), but no luck. Insufficient permissions.
The logs shows the account binding successfully, but then:
vm001 slapd[pid]: => access_allowed: backend default write access denied
to "uid=james,ou=Users,o=dallas"
The complete logs are below. As a test I even tried giving global
write access to the password, but it still doesn't work. (The only one
who is able to change a users password is the Directory administrator)
General log:
------------
vm001 slapd[pid]: conn=2 fd=17 ACCEPT from IP=127.0.0.1:36479
(IP=0.0.0.0:389)
vm001 slapd[pid]: conn=2 op=0 BIND dn="uid=james,ou=users,o=masprt"
method=128
vm001 slapd[pid]: conn=2 op=0 BIND dn="uid=james,ou=users,o=masprt"
mech=SIMPLE ssf=0
vm001 slapd[pid]: conn=2 op=0 RESULT tag=97 err=0 text=
vm001 slapd[pid]: conn=2 op=1 PASSMOD id="uid=james,ou=users,o=masprt" new
vm001 slapd[pid]: conn=2 op=2 UNBIND
vm001 slapd[pid]: conn=2 op=1 RESULT oid= err=50 text=
vm001 slapd[pid]: conn=2 fd=17 closed
With Debuging with ACL Listing:
--------------------------------
vm001 slapd[pid]: conn=5 fd=16 ACCEPT from IP=127.0.0.1:47612
(IP=0.0.0.0:389)
vm001 slapd[pid]: conn=5 op=0 BIND dn="uid=james,ou=users,o=masprt"
method=128
vm001 slapd[pid]: => access_allowed: auth access to
"uid=james,ou=Users,o=masprt" "userPassword" requested
vm001 slapd[pid]: => access_allowed: backend default auth access granted
to "(anonymous)"
vm001 slapd[pid]: conn=5 op=0 BIND dn="uid=james,ou=Users,o=masprt"
mech=SIMPLE ssf=0
vm001 slapd[pid]: conn=5 op=0 RESULT tag=97 err=0 text=
vm001 slapd[pid]: conn=5 op=1 PASSMOD id="uid=james,ou=users,o=masprt" new
vm001 slapd[pid]: => access_allowed: backend default write access denied
to "uid=james,ou=Users,o=masprt"
vm001 slapd[pid]: conn=5 op=1 RESULT oid= err=50 text=
vm001 slapd[pid]: conn=5 op=2 UNBIND
vm001 slapd[pid]: conn=5 fd=16 closed
Any help or idea would be appreciated.
thanks,
James