[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: can't chang ldap user passwd by self

To: feora <studyfordo@163.com>, Dan White <dwhite@cafedemocracy.org>
Subject: Re: can't chang ldap user passwd by self
From: Quanah Gibson-Mount <quanah@zimbra.com>
Date: Mon, 13 Apr 2015 09:53:11 -0700
Cc: openldap-technical@openldap.org
Content-disposition: inline
Dkim-filter: OpenDKIM Filter v2.9.2 edge01.zimbra.com 55BB04426C
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zimbra.com; s=C2AA288C-EE47-11E2-9BB0-E820BDD9BDBF; t=1428943994; bh=mKyu6J68lyA8vGdNB1IbayBWNbUlHO7lAo3+0jtoop8=; h=Date:From:To:Subject:Message-ID:MIME-Version:Content-Type: Content-Transfer-Encoding; b=bji+S83deWgYh5b/cpaDgAfPkGrEfThaKh1P4slMJxNLg14wNqkYLK7QLH0gtdQgw nu81i+fjLFkejzo3/ygaqGjZBpDQF4SjrJKpst9cAttrxr6zAWzE9xw/D3Z9eW7H1G XnIUOlJqPddu4aKTO3Jp3uOXR6tgV07wNvRlwkhQ=
In-reply-to: <552A879A.8060300@163.com>
References: <000001d06b97$adc1b010$09451030$@com> <20150401174055.GA3962@dan.olp.net> <552A7BB2.3080406@163.com> <552A879A.8060300@163.com>

--On Sunday, April 12, 2015 11:56 PM +0800 feora <studyfordo@163.com> wrote:

 I found log in ldap.log file

 Apr 12 14:20:54 abc slapd[3136]: => access_allowed: auth access to
"uid=bobliu,ou=it,dc=abc,dc=com" "userPassword" requested
 Apr 12 14:20:54 abc slapd[3136]: => slap_access_allowed: backend default
auth access granted to "(anonymous)"
 Apr 12 14:20:54 abc slapd[3136]: => access_allowed: auth access granted
by read(=rscxd)
 Apr 12 14:20:54 abc slapd[3136]: => access_allowed: backend default
write access denied to "uid=bobliu,ou=it,dc=abc,dc=com"

 why access granted to anoymous not  bobliu.


anonymous is granted AUTH access (for bind)
The USER is granted READ Access
The USER is DENIED write access


So you have an ACL that blocks WRITE access to the attribute for the USER.

--Quanah


--

Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration

References:
- can't chang ldap user passwd by self
  - From: "rockwang" <studyfordo@163.com>
- Re: can't chang ldap user passwd by self
  - From: Dan White <dwhite@cafedemocracy.org>
- Re: can't chang ldap user passwd by self
  - From: feora <studyfordo@163.com>
- Re: can't chang ldap user passwd by self
  - From: feora <studyfordo@163.com>

Prev by Date: Re: can't chang ldap user passwd by self
Next by Date: Re: Antw: Re: Help: LDAP using alias to reference value of another attribute
Index(es):
- Chronological
- Thread