<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
On 12/30/2010 03:24 AM, MAP 007 wrote:
<blockquote
cite="mid:AANLkTi=gh6pumHLC0HrMkQ3rJnj8aJ2N7cOq9nah2CaF@mail.gmail.com"
type="cite">Hi,<br>
<br>
Recently i have setup 389 DS on my CentOS machine.Now yesterday i
m able to reset user's password. Now i m not able to reset it....<br>
<br>
I have checked my directory server's setting and found that i have
mistakenly set "disallow_pw_change_aci" ACL. Now i have deleted
this one. But whenever i restart my dirsrv and dirsrv-admin
services i see "disallow_pw_change_aci" ACL again in my directory
server. <br>
<br>
Que.1 Now how to remove parmanently ?<br>
</blockquote>
How are you deleting it? What exactly are you doing? Are you using
replication?<br>
<blockquote
cite="mid:AANLkTi=gh6pumHLC0HrMkQ3rJnj8aJ2N7cOq9nah2CaF@mail.gmail.com"
type="cite"><br>
And secondly when i remove this from directory server and then try
to change password</blockquote>
What is the exact command you are using to change the password?<br>
Can you post excerpts from your access log showing the password
change operation?<br>
<blockquote
cite="mid:AANLkTi=gh6pumHLC0HrMkQ3rJnj8aJ2N7cOq9nah2CaF@mail.gmail.com"
type="cite">i am getting below error:-<br>
<br>
LDAP password information update failed: Server is unwilling to
perform<br>
user is not allowed to change password<br>
passwd: Permission denied<br>
<br>
Que.2 Now how to sort out this one... ?<br>
<br>
Que.3 And one more question is, where i will find all these
logs...if someone file these command at client as well as server
machine(i.e. ldapsearch, ldapadd, ldapdelete, passwd, passwd lock
etc...)<br>
</blockquote>
I don't think there are any client side logs - maybe
/var/log/messages or /var/log/secure?<br>
<br>
The server side logs should have some information -
/var/log/dirsrv/slapd-yourinstance/access and errors<br>
<blockquote
cite="mid:AANLkTi=gh6pumHLC0HrMkQ3rJnj8aJ2N7cOq9nah2CaF@mail.gmail.com"
type="cite">
<br>
<br>
Thank you.<br>
Piyush<br>
<pre wrap="">
<fieldset class="mimeAttachmentHeader"></fieldset>
--
389 users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:389-users@lists.fedoraproject.org">389-users@lists.fedoraproject.org</a>
<a class="moz-txt-link-freetext" href="https://admin.fedoraproject.org/mailman/listinfo/389-users">https://admin.fedoraproject.org/mailman/listinfo/389-users</a></pre>
</blockquote>
<br>
</body>
</html>