ACL problem with userPassword
Hi,
I have a pretty simple setup for ACL - at this point, the only thing I
am trying to have control over is the userpassword attribute. I have the
following ACL in place:
access to attr=userpassword
        by dn="cn=manager,dc=elanco,dc=k12,dc=pa,dc=us" write
        by self write
        by * compare
but when I use ldappasswd or some cgi-scripts, I can't modify the
password, if I'm bound as myself.
Here is some of what is logged:
Nov 19 08:30:29 gneiss slapd[19371]: do_bind: bound "uid=kevin_myer,ou=people,dc=elanco,dc=k12,dc=pa,dc=us" to "uid=kevin_myer, ou=People, dc=elanco, dc=k12, dc=pa, dc=us"
Nov 19 08:30:29 gneiss slapd[19371]: send_ldap_result 0::
Nov 19 08:30:29 gneiss slapd[19372]: do_modify
Nov 19 08:30:29 gneiss slapd[19372]: dn2entry_w: dn: "UID=KEVIN_MYER,OU=PEOPLE,DC=ELANCO,DC=K12,DC=PA,DC=US"
Nov 19 08:30:29 gneiss slapd[19372]: => dn2id( "UID=KEVIN_MYER,OU=PEOPLE,DC=ELANCO,DC=K12,DC=PA,DC=US" )
Nov 19 08:30:29 gneiss slapd[19372]: ====> cache_find_entry_dn2id: found dn: UID=KEVIN_MYER,OU=PEOPLE,DC=ELANCO,DC=K12,DC=PA,DC=US
Nov 19 08:30:29 gneiss slapd[19372]: <= dn2id 652 (in cache)
Nov 19 08:30:29 gneiss slapd[19372]: => id2entry_w( 652 )
Nov 19 08:30:29 gneiss slapd[19372]: ====> cache_find_entry_dn2id: found id: 652 rw: 1
Nov 19 08:30:29 gneiss slapd[19372]: <= id2entry_w 0x808e5c0 (cache)
Nov 19 08:30:29 gneiss slapd[19372]: send_ldap_result 50::
Nov 19 08:30:29 gneiss slapd[19372]: ====> cache_return_entry_w
Nov 19 08:30:29 gneiss slapd[19369]: ber_get_next on fd 9 failed errno 0 (Success)
Nov 19 08:30:29 gneiss slapd[19369]: *** got 0 of 0 so far
Nov 19 08:30:29 gneiss slapd[19373]: do_unbind
What am I missing? Is it typical behaviour for the third line logged
above, "ber_get_next on fd 9 failed errno 0 (Success)"? Does ACL get
maintained in an index somewhere that needs to be rebuilt manually?
Thanks for any help.
Kevin
--
Kevin M. Myer
Network/System Administrator
ELANCO School District