[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ppolicy pwdReset



greek ordono <grexk@yahoo.com> writes:

> I'm getting this error:                                                                                  
>                                                                                                          
> => access_allowed: read access to "uid=techsupport,ou=Users,dc=moldex,dc=group" "userPassword" requested 
> => acl_get: [1] attr userPassword                                                                        
> => slap_access_allowed: result not in cache (userPassword)                                               
> => acl_mask: access to entry "uid=techsupport,ou=Users,dc=moldex,dc=group", attr "userPassword" requested
> => acl_mask: to value by "", (=0)                                                                        
> <= check a_dn_pat: cn=replicator,ou=dsa,dc=moldex,dc=group                                               
> <= check a_dn_pat: *                                                                                     
> <= acl_mask: [2] applying +0 (break)                                                                     
> <= acl_mask: [2] mask: =0                                                                                
> => acl_get: [2] attr userPassword                                                                        
> => slap_access_allowed: result not in cache (userPassword)                                               
> => acl_mask: access to entry "uid=techsupport,ou=Users,dc=moldex,dc=group", attr "userPassword" requested
> => acl_mask: to value by "", (=0)                                                                        
> <= check a_dn_pat: cn=samba,ou=dsa,dc=moldex,dc=group                                                    
> <= check a_dn_pat: cn=nssldap,ou=dsa,dc=moldex,dc=group                                                  
> <= check a_dn_pat: cn=squid,ou=dsa,dc=moldex,dc=group                                                    
> <= check a_dn_pat: self                                                                                  
> <= check a_dn_pat: anonymous                                                                             
> <= acl_mask: [5] applying auth(=xd) (stop)                                                               
> <= acl_mask: [5] mask: auth(=xd)                                                                         
> => slap_access_allowed: read access denied by auth(=xd)                                                  
> => access_allowed: no more rules                                                                         
> send_search_entry: conn 9 access to attribute userPassword, value #0 not allowed                         

For this search your rule no. 5 is applicable, and this rule disallows
read access to attribute userPassword.
Change your access rules accordingly.

-Dieter

-- 
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6