Re: passwd fails
- To: Holger Schier <hschier@mathematik.uni-mainz.de>
- Subject: Re: passwd fails
- From: Benjamin Griese <der.darude@gmail.com>
- Date: Thu, 2 Dec 2010 16:54:51 +0100
- Cc: openldap-technical@openldap.org
- In-reply-to: <4CF7ACA7.6090402@mathematik.uni-mainz.de>
- References: <4CF7ACA7.6090402@mathematik.uni-mainz.de>
Hey,
have you taken a look at your syslog messages and enabled logging in
your slapd config?
bye.
On Thu, Dec 2, 2010 at 15:26, Holger Schier
<hschier@mathematik.uni-mainz.de> wrote:
> Hi guys,
>
> my ldapserver works fine now, but the first users are arriving.
> The normal user should change their own password. So, everyone thinks of
> passwd in the shell.
>
> But:
> LDAP password information update failed: Insufficient access
> Must supply old password to be changed as well as new one
>
> Here is my ACL:
>
> olcAccess: {0} to attrs=pwdChangedTime,pwdAccountLockedTime,pwdFailureTime,pwdHistory,pwdGraceUseTime,pwdReset
> by * none
>
> olcAccess: {1}to attrs=userPassword
> by self write
> by * auth
>
> olcAccess: {2}to attrs=shadowLastChange
> by self write
> by dn.base="cn=BINDUSER,dc=MY,dc=DC" read
> by users read
> by * auth
>
> olcAccess: {3}to attrs=userPKCS12
> by self read
> by * none
>
> olcAccess: {4}to *
> by dn.base="cn=BINDUSER,dc=MY,dc=DC" read
> by * none
>
> I tried the same with
> olcAccess: {4}to *
> by * read
>
> and allowing anonymous binds, but same error.
> passwd seems to try to bind with the binduser and then to read and to
> write the userPassword, but only has auth access.
>
> Has anyone an idea how to enable this?
>
> Thanks a lot.
> Holger
>
--
To be or not to be -- Shakespeare | To do is to be -- Nietzsche | To
be is to do -- Sartre | Do be do be do -- Sinatra
- References:
- passwd fails
- From: Holger Schier <hschier@mathematik.uni-mainz.de>
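
A simplified model of slapd's first-match access evaluation, applied to the olcAccess rules quoted in the message above. This is an added example, not part of the thread. It handles only the `<who>` forms that appear in those rules, compares DNs as plain case-insensitive strings, and uses a constructed user DN (`USER`).

```python
# Simplified model of slapd's first-match access evaluation (added example).
# Assumptions: only the <who> forms in the quoted rules are handled, DNs are
# compared as case-insensitive strings, attribute names are matched exactly.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]
BINDUSER = "cn=BINDUSER,dc=MY,dc=DC"
USER = "uid=alice,ou=people,dc=MY,dc=DC"  # constructed sample entry DN

# The quoted olcAccess rules {0}..{4} as (attrs, [(who, level), ...]); None = "to *".
ACL = [
    ({"pwdChangedTime", "pwdAccountLockedTime", "pwdFailureTime",
      "pwdHistory", "pwdGraceUseTime", "pwdReset"}, [("*", "none")]),
    ({"userPassword"}, [("self", "write"), ("*", "auth")]),
    ({"shadowLastChange"}, [("self", "write"),
                            (f'dn.base="{BINDUSER}"', "read"),
                            ("users", "read"), ("*", "auth")]),
    ({"userPKCS12"}, [("self", "read"), ("*", "none")]),
    (None, [(f'dn.base="{BINDUSER}"', "read"), ("*", "none")]),
]

def who_matches(who, bind_dn, entry_dn):
    """bind_dn is None for an anonymous (unauthenticated) session."""
    if who == "*":
        return True
    if who == "self":
        return bind_dn is not None and bind_dn.lower() == entry_dn.lower()
    if who == "users":
        return bind_dn is not None
    if who.startswith('dn.base="'):
        return bind_dn is not None and bind_dn.lower() == who[9:-1].lower()
    raise ValueError(f"unsupported <who>: {who}")

def granted(attr, bind_dn, entry_dn, acl=ACL):
    """Level from the first rule whose <what> matches, first <who> that matches."""
    for attrs, by_clauses in acl:
        if attrs is None or attr in attrs:
            for who, level in by_clauses:
                if who_matches(who, bind_dn, entry_dn):
                    return level
            return "none"  # implicit trailing "by * none"
    return "none"  # no rule matched the attribute at all

def allows(level, needed):
    """Access levels are ordered; a higher level implies the lower ones."""
    return LEVELS.index(level) >= LEVELS.index(needed)

if __name__ == "__main__":
    for who in (USER, BINDUSER, None):
        level = granted("userPassword", who, USER)
        print(f"{who or 'anonymous'}: {level}, can write: {allows(level, 'write')}")
```

In this model only a session bound as the user's own DN receives write on userPassword; the bind user and anonymous sessions stop at auth.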