Out of office
by Fernando Fuentes
I will be out starting 06/07/16 and coming back 06/14/16, but I will check on my email periodically.
Please contact the IS Department for any issues.
7 years, 10 months
Out of office
by Fernando Fuentes
I will be out starting 06/07/16 and coming back 06/14/16, but I will check on my email periodically.
Please contact the IS Department for any issues.
7 years, 10 months
Out of office
by Fernando Fuentes
I will be out starting 06/07/16 and coming back 06/14/16, but I will check on my email periodically.
Please contact the IS Department for any issues.
7 years, 10 months
User can not change password
by Todor Petkov
Hello (again),
my setup:
389-ds server, Centos6
Various clients - Centos5/6, Fedora, Debian
For some reason users can no longer change their passwords. They log
in via ssh, run "passwd", but then it says:
Password change failed. Server message: Insufficient access rights
In the server I can see:
[06/Jun/2016:14:30:14 +0300] conn=1750620 fd=182 slot=182 SSL
connection from 172.16.18.52 to 172.16.18.254
[06/Jun/2016:14:30:14 +0300] conn=1750620 TLS1.2 256-bit AES
[06/Jun/2016:14:30:14 +0300] conn=1750620 op=0 BIND
dn="uid=username,ou=People,dc=dom,dc=com" method=128 version=3
[06/Jun/2016:14:30:14 +0300] conn=1750620 op=0 RESULT err=0 tag=97
nentries=0 etime=0.007000 dn="uid=username,ou=people,dc=dom,dc=com"
[06/Jun/2016:14:30:14 +0300] conn=1750620 op=1 EXT
oid="1.3.6.1.4.1.4203.1.11.1" name="passwd_modify_extop"
[06/Jun/2016:14:30:14 +0300] conn=1750620 op=1 RESULT err=50 tag=120
nentries=0 etime=0.001000
[06/Jun/2016:14:30:14 +0300] conn=1750620 op=2 UNBIND
[06/Jun/2016:14:30:14 +0300] conn=1750620 op=2 fd=182 closed - U1
I have "passwordChange: on" in the DS configuration? I have also
checked the ACI for self-entry modifications and the users have the
rights:
(targetattr = "userPassword || telephoneNumber || facsimileTelephoneNumber")
(version 3.0;
acl "Allow self entry modification";
allow (write)
(userdn = "ldap:///self")
;)
What am I missing here?
Thanks
7 years, 10 months
Can not connect via ldaps from Fedora
by Todor Petkov
Hello all,
I have the following setup:
2 servers, Centos6, latest 389-ds packets.
1 client, Fedora23, SSSD configured
I have upgraded the Fedora recently with the latest packets and I can
not authenticate any longer.
In the 389-ds logs I can see the following:
[06/Jun/2016:11:58:36 +0300] conn=1709954 fd=142 slot=142 SSL
connection from 172.16.18.52 to 172.16.18.254
[06/Jun/2016:11:58:36 +0300] conn=1709954 op=-1 fd=142 closed -
Encountered end of file.
Same is when I run ldapsearch from command line. Search via ldap is
fine, but ldaps fails.
I have "ldap_tls_reqcert = never" in the sssd.conf, also "TLS_REQCERT
never" in /etc/openldap/ldap.conf, but it does not help.
Can someone give a hint what else needs to be changed? Other clients
(Centos/Redhat/Debian machines) are working.
Regards,
7 years, 10 months