Re: GSSAPI fails?



Did you set ACLs to allow each user to modify their own loginShell entry?
Something like this should do:

# Allow users to change their login shell by themselves
access to attrs=loginShell
        by self write

Diego

On Mon, 10 May 2004, Sensei wrote:

> Hi.
>
> I've set up a kerberos realm and now I'm trying to make openldap use k5
> credential, without success.
>
> First, I'm using debian stable, so I'm using ldap 2.0.23. I know it has
> some incompatibilities and so I have NO suffix (base DN).
>
> My realm is PLM.A.B.COM, the ldap/kdc server is plm.a.b.com. I can log
> in with a ldap user, it gets the right tickets, but when I try to modify
> my loginShell attribute I get this:
>
>
> $ ldapmodify -v -f user.ldif
> SASL/GSSAPI authentication started
> SASL SSF: 56
> SASL installing layers
> modifying entry "uid=ldaptest"
> replace loginShell:
>         /bin/bash
> ldap_modify: Insufficient access
>
> ldif_record() = 50
> $
>
>
> What should I do?
>
> --
> Sensei    <mailto:senseiwa@tin.it>
>           <icqnum:241572242>
>           <msn-id:Sensei_Sen@hotmail.com>
> Error: Keyboard not found. Press F1 to continue...
>