
ACL, passwd and self on Solaris



All,

Have any of you used the passwd command to change the passwd of an LDAP
user?  I have set up the following ACLs (as advised by OpenLDAP):

defaultaccess none
access to attr=userPassword by self write by * none
access to * by self write by dn=".+" read by * none

Now, when I try to change the passwd I get the message:

Enter login(LDAP) password:
New password:
Re-enter new password:
passwd (LDAP): Couldn't change passwd/attributes for sride
Permission denied

The slapd with the -d 128 flag shows the following:

ber_flush: 483 bytes to sd 12
ber_flush: 14 bytes to sd 12
=> access_allowed: auth access to "cn=Sally Ride,ou=people, dc=coolperformance,dc=com" "userPassword" requested
=> acl_get: [1] check attr userPassword
<= acl_get: [1] acl cn=Sally Ride,ou=people, dc=coolperformance,dc=com attr: userPassword
=> acl_mask: access to entry "cn=Sally Ride,ou=people, dc=coolperformance,dc=com", attr "userPassword" requested
=> acl_mask: to all values by "", (=n)
<= check a_dn_pat: self
<= check a_dn_pat: *
<= acl_mask: [2] applying none (=n) (stop)
<= acl_mask: [2] mask: none (=n)
=> access_allowed: auth access denied by none (=n)
ber_flush: 14 bytes to sd 7

I was hoping that the "self" rule would get matched. I am not sure why I
am getting access denied.

Thanx

CM
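
The -d 128 trace above shows an "auth" check made by requester "" (the connection has not bound yet), so "self" cannot match and "by * none" applies. The following is an added example, not part of the original post and not slapd's code: a simplified Python model of first-match ACL evaluation run over the posted rules and over the same rules with an auth grant. It assumes the access-level order none < auth < compare < search < read < write and the "anonymous" specifier from OpenLDAP's access-control syntax; all function and variable names are hypothetical.

```python
import re

# Access levels in increasing order (assumption stated in the lead-in).
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

def who_matches(who, requester_dn, entry_dn):
    """Simplified model of <who> matching; requester_dn '' means not yet bound."""
    if who == "*":
        return True
    if who == "self":
        return requester_dn != "" and requester_dn.lower() == entry_dn.lower()
    if who == "anonymous":
        return requester_dn == ""
    if who.startswith("dn="):
        # Unanchored regex match against the requester DN; ".+" needs a non-empty DN.
        return re.search(who[3:].strip('"'), requester_dn) is not None
    return False

def access_allowed(acl, requester_dn, entry_dn, attr, wanted):
    """The first matching 'access to' clause is used; within it the first
    matching 'by' clause decides and evaluation stops."""
    for what, by_list in acl:
        if what not in ("*", "attr=" + attr):
            continue
        for who, level in by_list:
            if who_matches(who, requester_dn, entry_dn):
                return LEVELS.index(level) >= LEVELS.index(wanted)
        return False  # no 'by' clause matched: treated as none
    return False      # no 'access to' clause matched: defaultaccess none

ENTRY = "cn=Sally Ride,ou=people,dc=coolperformance,dc=com"

# The ACLs exactly as posted.
POSTED = [
    ("attr=userPassword", [("self", "write"), ("*", "none")]),
    ("*", [("self", "write"), ('dn=".+"', "read"), ("*", "none")]),
]
# Same rules plus an auth grant for the not-yet-bound connection.
WITH_AUTH = [
    ("attr=userPassword", [("self", "write"), ("anonymous", "auth"), ("*", "none")]),
    POSTED[1],
]

if __name__ == "__main__":
    for name, acl in (("posted", POSTED), ("with anonymous auth", WITH_AUTH)):
        print(name, "| bind check:", access_allowed(acl, "", ENTRY, "userPassword", "auth"),
              "| self write:", access_allowed(acl, ENTRY, ENTRY, "userPassword", "write"))
```

The "auth" level only lets slapd compare the password during a bind; it does not let the unbound requester read or compare userPassword.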


