help troubleshooting
- To: openldap-technical@openldap.org
- Subject: help troubleshooting
- From: scar <scar@drigon.com>
- Date: Mon, 30 Jan 2017 19:08:39 -0700
I have inherited an LDAP server and admittedly do not have all the
technical expertise to troubleshoot the problems we have.
We are using slapd 2.4.40.
The first problem is nobody but the rootdn can change passwords. We'd
like to use the "passwd" utility on our servers to change our passwords but
the error is "LDAP password information update failed: Insufficient access".
In slapd.conf we have (I have removed our dc for privacy):
access to attrs=userPassword
    by self write
    by anonymous auth
    by dn="cn=Manager,dc=X,dc=Y,dc=Z" write
    by * none
access to *
    by self write
    by dn="cn=Manager,dc=X,dc=Y,dc=Z" write
    by * read
    by * auth
access to *
    by dn="uid=ldapadmin,dc=X,dc=Y,dc=Z" read
"cn=Manager,dc=X,dc=Y,dc=Z" is our rootdn and I have enabled loglevel 128.
However, this brings me to the next problem: the contents of slapd.conf
do not match the slapd.d/cn\=config.ldif file, so it seems the fixes I
am trying on the ACLs don't have any effect, even when I restart slapd.
If I try "ldapmodify -nv" it just hangs. When I try to stop slapd and
remove slapd.d/* and then start slapd, the contents are recreated
according to the config file, but then users can't log in (all I see in
the logfile is access_allowed and slap_access_allowed but no conn lines).
So some basic troubleshooting help would be appreciated!
Thanks
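
Added example, not part of the original message and not OpenLDAP project code: a small check over the ACL block quoted above that flags clauses slapd can never reach, based on the slapd.access(5) rule that the first matching "access to" directive and the first matching "by" clause decide the result. The function names are hypothetical, and the parser ignores control keywords (stop, continue, break) and who-values containing spaces.

```python
import re

# Constructed input: the ACL block quoted in the message, with slapd.conf
# continuation lines indented.
SAMPLE = """\
access to attrs=userPassword
    by self write
    by anonymous auth
    by dn="cn=Manager,dc=X,dc=Y,dc=Z" write
    by * none
access to *
    by self write
    by dn="cn=Manager,dc=X,dc=Y,dc=Z" write
    by * read
    by * auth
access to *
    by dn="uid=ldapadmin,dc=X,dc=Y,dc=Z" read
"""

def parse_acls(text):
    """Return [(what, [(who, access), ...]), ...] in file order."""
    joined = re.sub(r"\n[ \t]+", " ", text)  # fold continuation lines
    acls = []
    for line in joined.splitlines():
        m = re.match(r"access\s+to\s+(.+?)\s+(by\s.*)", line.strip())
        if m:  # simplification: <who> values containing spaces are not handled
            acls.append((m.group(1), re.findall(r"\bby\s+(\S+)\s+(\S+)", m.group(2))))
    return acls

def find_shadowed(acls):
    """Flag clauses and directives that slapd can never reach."""
    findings, catch_all = [], None
    for idx, (what, clauses) in enumerate(acls, 1):
        if catch_all is not None:
            # An earlier "access to *" matches every entry and attribute.
            findings.append(("directive", idx, what, f"shadowed by directive {catch_all}"))
            continue
        star = None
        for who, access in clauses:
            if star is not None:
                # "by *" matches everyone, so later clauses are never evaluated.
                findings.append(("clause", idx, f"{who} {access}", f"follows 'by * {star}'"))
            elif who == "*":
                star = access
        if what == "*":
            catch_all = idx
    return findings

if __name__ == "__main__":
    for finding in find_shadowed(parse_acls(SAMPLE)):
        print(finding)
```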