[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: can't chang ldap user passwd by self

To: rockwang <studyfordo@163.com>
Subject: Re: can't chang ldap user passwd by self
From: Dan White <dwhite@cafedemocracy.org>
Date: Wed, 1 Apr 2015 12:40:56 -0500
Cc: openldap-technical@openldap.org
Content-disposition: inline
In-reply-to: <000001d06b97$adc1b010$09451030$@com>
References: <000001d06b97$adc1b010$09451030$@com>
User-agent: Mutt/1.5.23 (2014-03-12)

On 03/31/15 17:47 +0800, rockwang wrote:

 access to attrs=userPassword
 by self write
 by anonymous auth
 by dn.base="cn=Manager,dc=abc,dc=com"
 by *  none

 access to *
             by self write
             by dn.base="cn=Manager,dc=abc,dc=com"
             by * read
             by * none

my question is user can't change his own password. I use following command
so I have different result.

<img />

when not add -x

<img />

Consult the manpage for ldappasswd. In the first case (simple bind) you did
not provide a binddn (-D). In the second case, you directed ldappasswd to
perform a SASL bind but did not correctly provide an authentication
identity, and the sasl mechanism negotiated could not derive one.

Hint: if using a simple bind, specify a full DN (with -D), and not a
uid.

--
Dan White

Follow-Ups:
- Re: can't chang ldap user passwd by self
  - From: feora <studyfordo@163.com>

References:
- can't chang ldap user passwd by self
  - From: "rockwang" <studyfordo@163.com>

Prev by Date: Re: Very slow ldapserach
Next by Date: Re: Multiple programs not able to read LMDB concurrently
Index(es):
- Chronological
- Thread