[Date Prev][Date Next] [Chronological] [Thread] [Top]

RESOLVED: Problems allowing users to change their own passowrds

To: openldap-technical@openldap.org
Subject: RESOLVED: Problems allowing users to change their own passowrds
From: James Hammett <james@hammett.be>
Date: Sat, 09 Jan 2010 10:31:54 +0100
In-reply-to: <4B45CA44.2000007@hammett.be>
References: <4B45CA44.2000007@hammett.be>
User-agent: Thunderbird 2.0.0.23 (Macintosh/20090812)

I had copied the default config file's access line from line 70:
access to *

And had placed it under the stanza mentioned below (in the databasesection), Since it included a space, it was considered a continuationof the previous line. Deleting the space(s) solved the problem. (I alsodeleted a space before the access line for the password attr).


Thanks to Buchan Milne, for pointing out my mistake.

later,
James


James Hammett wrote:

I know this is an old issue and I've searched on the net and triedthose, but haven't had any luck. I'm using openldap 2.3.43.
In /etc/openldap/slapd.conf, I have set:

access to attrs=userPassword,shadowLastChange
 by self write
 by anonymous auth
 by * none

(Of course restarted the slapd), but no luck.  Insufficient permissions.

The logs shows the account binding successfully, but then:
vm001 slapd[pid]: => access_allowed: backend default write accessdenied to "uid=james,ou=Users,o=dallas"
The complete logs are below. As a test I even tried giving globalwrite access to the password, but it still doesn't work. (The only onewho is able to change a users password is the Directory administrator)
General log:
------------
vm001 slapd[pid]: conn=2 fd=17 ACCEPT from IP=127.0.0.1:36479(IP=0.0.0.0:389)vm001 slapd[pid]: conn=2 op=0 BIND dn="uid=james,ou=users,o=masprt"method=128vm001 slapd[pid]: conn=2 op=0 BIND dn="uid=james,ou=users,o=masprt"mech=SIMPLE ssf=0
vm001 slapd[pid]: conn=2 op=0 RESULT tag=97 err=0 text=
vm001 slapd[pid]: conn=2 op=1 PASSMOD id="uid=james,ou=users,o=masprt"new
vm001 slapd[pid]: conn=2 op=2 UNBIND
vm001 slapd[pid]: conn=2 op=1 RESULT oid= err=50 text=
vm001 slapd[pid]: conn=2 fd=17 closed

With Debuging with ACL Listing:
--------------------------------
vm001 slapd[pid]: conn=5 fd=16 ACCEPT from IP=127.0.0.1:47612(IP=0.0.0.0:389)vm001 slapd[pid]: conn=5 op=0 BIND dn="uid=james,ou=users,o=masprt"method=128vm001 slapd[pid]: => access_allowed: auth access to"uid=james,ou=Users,o=masprt" "userPassword" requestedvm001 slapd[pid]: => access_allowed: backend default auth accessgranted to "(anonymous)"vm001 slapd[pid]: conn=5 op=0 BIND dn="uid=james,ou=Users,o=masprt"mech=SIMPLE ssf=0
vm001 slapd[pid]: conn=5 op=0 RESULT tag=97 err=0 text=
vm001 slapd[pid]: conn=5 op=1 PASSMOD id="uid=james,ou=users,o=masprt"newvm001 slapd[pid]: => access_allowed: backend default write accessdenied to "uid=james,ou=Users,o=masprt"
vm001 slapd[pid]: conn=5 op=1 RESULT oid= err=50 text=
vm001 slapd[pid]: conn=5 op=2 UNBIND
vm001 slapd[pid]: conn=5 fd=16 closed

Any help or idea would be appreciated.

thanks,
James

References:
- Problems allowing users to change their own passowrds
  - From: James Hammett <james@hammett.be>

Prev by Date: overlay "syncprov" not found
Next by Date: Directory layout help
Index(es):
- Chronological
- Thread