[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Problem with Password Policy Overlay - Password Reset

To: OpenLDAP-software@OpenLDAP.org
Subject: Re: Problem with Password Policy Overlay - Password Reset
From: Shawn McKinney <smmtech2@sbcglobal.net>
Date: Tue, 16 Aug 2005 17:12:56 -0700 (PDT)
In-reply-to: <43026734.9020508@symas.com>

>2.3.5 has been released, and there are 2-3 minor
fixes >to ppolicy included. You should upgrade.

Thanks, I have done this just today.  My problem
remains.

>What do you mean by "user can't authenticate" ?
>Certainly they should still be able to Bind

Yes you are correct.  User with pwdReset flag set to
"TRUE", may subsequently authenticate.  My problem
occurs later, after I clear the pwdReset flag on
user's operational attribute.  (To clear the pwdReset
flag, I set to a value of "FALSE").
Subsequent LDAP operations generate this error:

"error result (50); Operations are restricted to
bind/unbind/abandon/StartTLS/modify password;
Insufficient access"

Regardless of operation or user.  IOW - every
subsequent operation I then perform on directory,
receives this error.

This holds true even for rootdn user operations.

The process remains in this state, until I restart
slapd, at which time it resumes normal operation.

References:
- Re: Problem with Password Policy Overlay - Password Reset
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: cachesize does not exceed 1000 entries
Next by Date: 1 master many slaves
Index(es):
- Chronological
- Thread