password change does not work: LDAP, sssd, nss or pam error?
Volker Potworowski
fedora at potworowski.de
Sat Oct 9 14:00:37 UTC 2010
Hello everyone,
> Suggest that you change
> them to something like this...
Thanks for your suggestion. I changed them to:
access to attrs=userPassword
    by dn.base="cn=Manager,dc=teraphim,dc=de" write
    by anonymous auth
    by self write
    by * none
access to dn.regex="^uid=([^,]+)ou=People,dc=teraphim,dc=de$"
# I guess your original regexp with $$" at the end was a typo
    by self read
    by dn.exact="cn=Manager,dc=teraphim,dc=de" write
    by anonymous auth
    by * none
access to *
    by anonymous auth
    by self write
    by * read
Unfortunately the situation did not change.
When I start an ldappasswd:
ldappasswd -x -v -N -ZZ -D uid=vp,ou=People,dc=teraphim,dc=de -s new_password -a old_passwd -w old_passwd
I get:
ldap_initialize( <DEFAULT> )
Result: Insufficient access (50)
And when I debug slapd with -d 128 I see:
=> access_allowed: result not in cache (userPassword)
=> access_allowed: auth access to "uid=vp,ou=People,dc=teraphim,dc=de" "userPassword" requested
=> slap_access_allowed: backend default auth access granted to "(anonymous)"
=> access_allowed: auth access granted by read(=rscxd)
=> bdb_entry_get: found entry: "uid=vp,ou=people,dc=teraphim,dc=de"
=> access_allowed: result not in cache (userPassword)
=> access_allowed: auth access to "uid=vp,ou=People,dc=teraphim,dc=de" "userPassword" requested
=> slap_access_allowed: backend default auth access granted to "uid=vp,ou=People,dc=teraphim,dc=de"
=> access_allowed: auth access granted by read(=rscxd)
=> access_allowed: backend default write access denied to "uid=vp,ou=People,dc=teraphim,dc=de"
Still denying write access.
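
Added example (not part of the original message and not OpenLDAP code): a small Python filter over the slapd -d 128 output quoted above that lists every decision slapd logged as "backend default", the wording it uses when it falls back to the database's default access instead of an "access to" rule. The regular expressions assume the log wording shown in the message; SAMPLE_LOG is that excerpt with the mail-wrapped lines rejoined.

```python
import re
from collections import namedtuple

# Constructed sample: the slapd -d 128 lines from the message above,
# with the mail-wrapped lines rejoined.
SAMPLE_LOG = """\
=> access_allowed: result not in cache (userPassword)
=> access_allowed: auth access to "uid=vp,ou=People,dc=teraphim,dc=de" "userPassword" requested
=> slap_access_allowed: backend default auth access granted to "(anonymous)"
=> access_allowed: auth access granted by read(=rscxd)
=> bdb_entry_get: found entry: "uid=vp,ou=people,dc=teraphim,dc=de"
=> access_allowed: result not in cache (userPassword)
=> access_allowed: auth access to "uid=vp,ou=People,dc=teraphim,dc=de" "userPassword" requested
=> slap_access_allowed: backend default auth access granted to "uid=vp,ou=People,dc=teraphim,dc=de"
=> access_allowed: auth access granted by read(=rscxd)
=> access_allowed: backend default write access denied to "uid=vp,ou=People,dc=teraphim,dc=de"
"""

# level/result/who come from the log line; attr is the attribute of the
# request being evaluated, or None when the excerpt shows no request line.
Decision = namedtuple("Decision", "level result who attr")

REQUEST = re.compile(r'access_allowed: \w+ access to "[^"]*" "([^"]*)" requested')
DEFAULT = re.compile(r'access_allowed: backend default (\w+) access (granted|denied) to "([^"]*)"')
SUMMARY = re.compile(r'access_allowed: \w+ access (?:granted|denied) by ')

def backend_default_decisions(log):
    """Return every decision slapd attributed to the backend default."""
    decisions, attr = [], None
    for line in log.splitlines():
        m = REQUEST.search(line)
        if m:
            attr = m.group(1)   # remember which attribute is being checked
            continue
        m = DEFAULT.search(line)
        if m:
            decisions.append(Decision(m.group(1), m.group(2), m.group(3), attr))
        elif SUMMARY.search(line):
            attr = None         # request finished; do not carry it over
    return decisions

def denied_by_default(log):
    """Only the backend-default decisions that ended in a denial."""
    return [d for d in backend_default_decisions(log) if d.result == "denied"]

if __name__ == "__main__":
    for d in backend_default_decisions(SAMPLE_LOG):
        print(f"{d.level:5} {d.result:7} who={d.who} attr={d.attr}")
```

On the excerpt it reports three backend-default decisions and no rule-based ones; the only denial is the write request from uid=vp.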