[389-users] (Insufficient 'write' privileges to the 'userPassword') when executing passwd change
Rich Megginson
rmeggins at redhat.com
Fri Feb 18 18:43:40 UTC 2011
On 02/18/2011 11:18 AM, Beamon, John wrote:
> This is a new install, straight from the docs with 4 boxes in an MMR setup. Attempting a password change from a Linux command line, I get this feedback.
>
> $ passwd
> Changing password for user jbeamon.
> Enter login(LDAP) password:
> New UNIX password:
> Retype new UNIX password:
> LDAP password information update failed: Insufficient access
> Insufficient 'write' privilege to the 'userPassword' attribute of entry 'uid=jbeamon,ou=people,dc=example,dc=com'.
>
> passwd: Permission denied
> I zeroed out the access and error logs in advance. The error log was empty; the access log was nothing but SRCH, BIND, and RESULT entries for my account. Nothing about access problems or attempted modifies.
>
> A web search for this error message revealed one conversation in Jan 2009 that ended with "I fixed my aci and the problem went away". I haven't knowingly changed any acis since install. At the global level, user may change password. At the userRoot suffix level, user can change password and fine-grained policy is enabled. A password reset by directory manager succeeds and replicates around. Does anyone else recognize this?
Look for this sequence of operations in your directory server access log.
> -j
>
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20110218/5e0604da/attachment.html>
More information about the 389-users
mailing list