
Can't self write password



Hi,

I use OpenLDAP 2.0.11 and NS Java SDK to change my password.
My ACL is:

access to attrs=entry
    by anonymous read

access to *
    by anonymous search
    by users read
    by self write

My LDAP log contains these lines:

Here I bind - it's OK.

Aug 22 14:05:15 pine slapd[8000]: daemon: read activity on 10
Aug 22 14:05:16 pine slapd[8000]: daemon: select: listen=6 active_threads=1 tvp=NULL
Aug 22 14:05:16 pine slapd[8001]: conn=2 op=0 BIND dn="UID=SEBACH,DC=MAN,DC=POZNAN,DC=PL" method=128
Aug 22 14:05:16 pine slapd[8000]: daemon: select: listen=7 active_threads=1 tvp=NULL
Aug 22 14:05:16 pine slapd[8001]: => access_allowed: auth access to "uid=sebach, dc=man,dc=poznan, dc=pl" "userPassword" requested
Aug 22 14:05:16 pine slapd[8001]: => acl_get: [1] check attr userPassword
Aug 22 14:05:16 pine slapd[8001]: => acl_get: [2] check attr userPassword
Aug 22 14:05:16 pine slapd[8001]: <= acl_get: [2] acl uid=sebach, dc=man,dc=poznan, dc=pl attr: userPassword
Aug 22 14:05:16 pine slapd[8001]: => acl_mask: access to entry "uid=sebach, dc=man,dc=poznan, dc=pl", attr "userPassword" requested
Aug 22 14:05:16 pine slapd[8001]: => acl_mask: to all values by "", (=n)
Aug 22 14:05:16 pine slapd[8001]: <= check a_dn_pat: anonymous
Aug 22 14:05:16 pine slapd[8001]: <= acl_mask: [1] applying search (=scx) (stop)
Aug 22 14:05:16 pine slapd[8001]: <= acl_mask: [1] mask: search (=scx)
Aug 22 14:05:16 pine slapd[8001]: => access_allowed: auth access granted by search (=scx)
Aug 22 14:05:16 pine slapd[8001]: conn=2 op=0 RESULT tag=97 err=0 text=
Aug 22 14:05:16 pine slapd[8000]: daemon: activity on 1 descriptors
Aug 22 14:05:16 pine slapd[8000]: daemon: activity on:
Aug 22 14:05:16 pine slapd[8000]: 10r
Aug 22 14:05:16 pine slapd[8000]:


And here I try to change my password:

Aug 22 14:05:16 pine slapd[8000]: daemon: read activity on 10
Aug 22 14:05:16 pine slapd[8000]: daemon: select: listen=6 active_threads=1 tvp=NULL
Aug 22 14:05:16 pine slapd[8001]: conn=2 op=1 MOD dn="uid=sebach, dc=man,dc=poznan, dc=pl"
Aug 22 14:05:16 pine slapd[8000]: daemon: select: listen=7 active_threads=1 tvp=NULL
Aug 22 14:05:16 pine slapd[8001]: => access_allowed: write access to "uid=sebach, dc=man,dc=poznan, dc=pl" "userPassword" requested
Aug 22 14:05:16 pine slapd[8001]: => acl_get: [1] check attr userPassword
Aug 22 14:05:16 pine slapd[8001]: => acl_get: [2] check attr userPassword
Aug 22 14:05:16 pine slapd[8001]: <= acl_get: [2] acl uid=sebach, dc=man,dc=poznan, dc=pl attr: userPassword
Aug 22 14:05:16 pine slapd[8001]: => acl_mask: access to entry "uid=sebach, dc=man,dc=poznan, dc=pl", attr "userPassword" requested
Aug 22 14:05:16 pine slapd[8001]: => acl_mask: to value by "UID=SEBACH,DC=MAN,DC=POZNAN,DC=PL", (=n)
Aug 22 14:05:16 pine slapd[8001]: <= check a_dn_pat: anonymous
Aug 22 14:05:16 pine slapd[8001]: <= check a_dn_pat: users
Aug 22 14:05:16 pine slapd[8001]: <= acl_mask: [2] applying read (=rscx) (stop)
Aug 22 14:05:16 pine slapd[8001]: <= acl_mask: [2] mask: read (=rscx)
Aug 22 14:05:16 pine slapd[8001]: => access_allowed: write access denied by read (=rscx)
Aug 22 14:05:16 pine slapd[8001]: conn=2 op=1 RESULT tag=103 err=50 text=


I have a clause "access to * by self write" but I can't change my password! Can anyone read this log?

Thanks,
	S.

--

/*
 * Sebastian Szuber, Poznan Supercomputing and Networking Center
 * email: szuber@man.poznan.pl
 * phone: (+48 61) 858-20-34, fax: (+48 61) 852-59-54
 *
 */
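
Added example, not part of the original message and not slapd code: a simplified Python model of the clause selection the MOD trace shows (anonymous checked, then users, then "applying read ... (stop)"), run against the posted "access to *" clauses and against a variant with "by self write" moved above "by users read". The function names, the DN normalization and the REORDERED variant are assumptions made for illustration.

```python
# Added example: simplified model of <who>-clause selection inside one
# "access to" directive. Not slapd source code.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

def normalize(dn):
    # Simplification: lower-case and strip spaces around RDNs; ignores escaped commas.
    return ",".join(part.strip().lower() for part in dn.split(","))

def who_matches(who, requester_dn, entry_dn):
    if who == "*":
        return True
    if who == "anonymous":
        return requester_dn == ""
    if who == "users":
        return requester_dn != ""
    if who == "self":
        return requester_dn != "" and normalize(requester_dn) == normalize(entry_dn)
    raise ValueError(f"unsupported <who> in this model: {who}")

def evaluate(by_clauses, requester_dn, entry_dn, requested):
    """Return (granted, matching_who, level); the first matching clause stops evaluation."""
    for who, level in by_clauses:
        if who_matches(who, requester_dn, entry_dn):
            granted = LEVELS.index(level) >= LEVELS.index(requested)
            return granted, who, level
    return False, None, "none"  # no clause matched: access is none

# DNs as they appear in the log above.
BIND_DN = "UID=SEBACH,DC=MAN,DC=POZNAN,DC=PL"
ENTRY_DN = "uid=sebach, dc=man,dc=poznan, dc=pl"

# The "access to *" clauses from the message, in the posted order.
POSTED = [("anonymous", "search"), ("users", "read"), ("self", "write")]
# Assumed variant: "by self write" placed before "by users read".
REORDERED = [("anonymous", "search"), ("self", "write"), ("users", "read")]

if __name__ == "__main__":
    for name, acl in (("posted", POSTED), ("reordered", REORDERED)):
        print(name, evaluate(acl, BIND_DN, ENTRY_DN, "write"))
    print("anonymous bind", evaluate(POSTED, "", ENTRY_DN, "auth"))
```

With the posted order, every bound DN matches "users" before "self" is ever tested, which is the "write access denied by read (=rscx)" line in the log.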