
Re: Problems with allowing users to change their own passwords



Look in /var/adm/messages. There is probably something in there stating that it's trying to use the native ldap client when using the passwd command. I've been struggling with the same thing and have come to the conclusion that for passwd to work, you need to write a wrapper around it that will contact the openldap server via /etc/ldap.conf instead of using the Solaris native ldap client. Just a guess though, I'm still pretty green when it comes to the Solaris ldap stuff.

KS

Lawrence, Mike (White Plains) wrote:

Hi - I am using openldap on some Solaris 8 hosts.  So far I am just using it to be able to authenticate users via ssh.  I've got it up and working, with SSL/TLS (using the padl nss and pam ldap modules).

I've run into a problem now though that has me stumped.  No matter how I try to play with ACLs in the slapd.conf file, users aren't able to change their own passwords.  The current ACLs I have in place are as follows:

access to attr=userPassword
       by self write
       by anonymous auth
       by * none
access to *
       by self write
       by * read

Here is what happens when I ssh in as an ldap user and use the "passwd" command:

passwd
passwd: Changing password for barney
Enter login(LDAP) password: New password: Re-enter new password: passwd (LDAP): Couldn't change passwd/attributes for barney
Permission denied


I'm not sure if it's an ACL related issue or not, because the same thing happens even with these ACLs:

access to * by * write
access to * by * auth
access to * by * read

Is there something else I'm missing that might bear on Solaris 8's passwd command and openldap and/or the padl pam/nss modules? If there's any other information I can give to help troubleshoot this please let me know. Thanks in advance!
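A quick way to separate "the server ACL forbids it" from "the client never got that far" is to evaluate the posted ACLs offline with slapd's documented first-match rule: directives are tried in order, the first one whose target (`attr=...` or `*`) matches wins, and inside it the first matching `by` clause fixes the access level, with an implicit `by * none` after the last clause. The evaluator below is an added example written for this thread, not code from the poster or from OpenLDAP; the two ACL texts are copied from the message, the DNs are constructed, and the `dn=`/`group=`/`filter=` forms and the `break`/`continue` controls are deliberately not modelled. Run against the posted rules it reports that `self` does get `write` on `userPassword` (so a bind as barney could change it), that anonymous gets only `auth`, and that in the second set `access to * by * write` makes the two lines after it unreachable, which is why changing them changed nothing.

```python
"""Offline evaluator for the slapd.conf 'access to ... by ...' subset used
in the thread. Added example (not the poster's or OpenLDAP's code)."""
import re
from dataclasses import dataclass

# slapd's access levels in increasing order; a grant at level L satisfies
# any request needing a level at or below L.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write"]

ACL_FROM_POST = """\
access to attr=userPassword
       by self write
       by anonymous auth
       by * none
access to *
       by self write
       by * read
"""

ACL_PERMISSIVE = """\
access to * by * write
access to * by * auth
access to * by * read
"""


@dataclass
class Directive:
    what: str   # "*" or "attr=name[,name...]"
    by: list    # [(who, level), ...] in file order


def parse_acl(text):
    """Join continuation lines, then split each directive into <what> and <by> clauses."""
    chunks, current = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("access to"):
            if current:
                chunks.append(" ".join(current))
            current = [line]
        else:                        # indented continuation of the directive
            current.append(line)
    if current:
        chunks.append(" ".join(current))
    directives = []
    for chunk in chunks:
        m = re.match(r"access to (\S+)(.*)$", chunk)
        if not m:
            raise ValueError(f"unparseable directive: {chunk!r}")
        directives.append(Directive(m.group(1), re.findall(r"by (\S+) (\S+)", m.group(2))))
    return directives


def _what_matches(what, attribute):
    if what == "*":
        return True
    if what.startswith(("attr=", "attrs=")):
        names = what.split("=", 1)[1].split(",")
        return attribute.lower() in (n.lower() for n in names)
    return False                     # dn=/filter= targets not modelled here


def _who_matches(who, bind_dn, target_dn):
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn == ""
    if who == "users":
        return bind_dn != ""
    if who == "self":
        return bind_dn != "" and bind_dn.lower() == target_dn.lower()
    return False                     # dn=/group= subjects not modelled here


def evaluate(directives, bind_dn, target_dn, attribute):
    """Access level slapd grants: first matching directive, first matching by-clause."""
    for d in directives:
        if not _what_matches(d.what, attribute):
            continue
        for who, level in d.by:
            if _who_matches(who, bind_dn, target_dn):
                return level
        return "none"                # directive matched, no by-clause did
    return "none"                    # directives exist but none matched


def can_change_own_password(acl_text, user_dn):
    """Modifying userPassword needs 'write' on that attribute when bound as self."""
    granted = evaluate(parse_acl(acl_text), user_dn, user_dn, "userPassword")
    return LEVELS.index(granted) >= LEVELS.index("write")


def unreachable_directives(directives):
    """Indices of directives after an 'access to *': '*' matches every target and
    evaluation stops at the first match, so later rules are dead (absent 'break')."""
    dead, seen_catch_all = [], False
    for i, d in enumerate(directives):
        if seen_catch_all:
            dead.append(i)
        if d.what == "*":
            seen_catch_all = True
    return dead


if __name__ == "__main__":
    barney = "uid=barney,ou=People,dc=example,dc=com"   # constructed DN
    fred = "uid=fred,ou=People,dc=example,dc=com"       # constructed DN
    for name, acl in (("posted ACL", ACL_FROM_POST), ("permissive ACL", ACL_PERMISSIVE)):
        print(name, "self can change userPassword:", can_change_own_password(acl, barney))
        print(name, "unreachable directives:", unreachable_directives(parse_acl(acl)))
    posted = parse_acl(ACL_FROM_POST)
    print("fred on barney's userPassword:", evaluate(posted, fred, barney, "userPassword"))
    print("anonymous on barney's userPassword:", evaluate(posted, "", barney, "userPassword"))
```

If both ACL sets evaluate to `write` for self and the real server still returns "Permission denied", the next question is which DN the client actually bound with (or whether it bound at all) before sending the modify, which is what the /var/adm/messages check in the reply above is for.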