
passwd fails



Hi guys,

My LDAP server works fine now, but the first users are arriving.
The normal user should change their own password. So, everyone thinks of
passwd in the shell.

But:
LDAP password information update failed: Insufficient access
Must supply old password to be changed as well as new one

Here is my ACL:

olcAccess: {0}to attrs=pwdChangedTime,pwdAccountLockedTime,pwdFailureTime,pwdHistory,pwdGraceUseTime,pwdReset
by * none

olcAccess: {1}to attrs=userPassword
by self write
by * auth

olcAccess: {2}to attrs=shadowLastChange
by self write
by dn.base="cn=BINDUSER,dc=MY,dc=DC" read
by users read
by * auth

olcAccess: {3}to attrs=userPKCS12
by self read
by * none

olcAccess: {4}to *
by dn.base="cn=BINDUSER,dc=MY,dc=DC" read
by * none

I tried the same with
olcAccess: {4}to *
by * read

and allowing anonymous binds, but same error.
passwd seems to try to bind with the binduser and then to read and to
write the userPassword, but only has auth access.

Has anyone an idea how to enable this?

Thanks a lot.
Holger
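
The ACL above, run through a simplified model of slapd's first-match evaluation (first matching "to" clause, then its first matching "by" clause), as an added example that is not part of the original post. It handles only the "to" and "by" forms used in the post, and the user DN is constructed for illustration.

```python
# Simplified model of slapd ACL evaluation (assumption: only the <what> and
# <who> forms that appear in the post are handled).
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]
BIND = "cn=BINDUSER,dc=MY,dc=DC"             # bind DN as written in the post
USER = "uid=someuser,ou=people,dc=MY,dc=DC"  # constructed example entry

# The post's ACL, transcribed as (attribute set or "*", [(who, level), ...]).
ACL = [
    ({"pwdChangedTime", "pwdAccountLockedTime", "pwdFailureTime",
      "pwdHistory", "pwdGraceUseTime", "pwdReset"}, [("*", "none")]),
    ({"userPassword"}, [("self", "write"), ("*", "auth")]),
    ({"shadowLastChange"}, [("self", "write"), (f'dn.base="{BIND}"', "read"),
                            ("users", "read"), ("*", "auth")]),
    ({"userPKCS12"}, [("self", "read"), ("*", "none")]),
    ("*", [(f'dn.base="{BIND}"', "read"), ("*", "none")]),
]

def norm(dn):
    return dn.replace(" ", "").lower() if dn else None  # crude DN normalisation

def who_matches(who, bind_dn, entry_dn):
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if who == "users":
        return bind_dn is not None
    if who == "self":
        return bind_dn is not None and norm(bind_dn) == norm(entry_dn)
    if who.startswith("dn.base="):
        return norm(bind_dn) == norm(who.split("=", 1)[1].strip('"'))
    raise ValueError(f"unsupported <who>: {who}")

def granted(bind_dn, entry_dn, attr, acl=ACL):
    """Level from the first matching 'to' clause, then its first matching 'by'."""
    for what, by_clauses in acl:
        if what == "*" or attr in what:
            for who, level in by_clauses:
                if who_matches(who, bind_dn, entry_dn):
                    return level
            return "none"  # implicit trailing "by * none"
    return "none"          # implicit trailing "access to * by * none"

def allows(bind_dn, entry_dn, attr, wanted):
    return LEVELS.index(granted(bind_dn, entry_dn, attr)) >= LEVELS.index(wanted)

if __name__ == "__main__":
    for dn in (USER, BIND, None):  # the user, the bind user, anonymous
        print(dn, "->", granted(dn, USER, "userPassword"))
```

Under this model only a connection bound as the user's own DN gets write on userPassword; the bind user and anonymous connections both stop at auth.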