
simple bind doesn't work



Hi,
Perhaps this is a newbie problem, but I'm not getting over it
right now.
I can't change the password of my LDAP users using either
ldappasswd or passwd with the correct pam-stack settings.
Authentication and accounting is no problem. I can use
every service I want (su, ssh, proftp, login and so on).
If I try to change the password (using ldappasswd) of a
user who is already authenticated through LDAP (for example with ssh),
the log tells me that only authenticated users are able to change
the password and that strong authentication must be used
(very strange behaviour).
If I do the same using passwd (with a configured pam-stack), the
log tells me that there is no object corresponding to the user.
Error number 32 is reported, which says that the user couldn't be
found on the LDAP server.

Here is a snippet from the log:
slapd: Mod dn="uid=malcolmx, ou=people, ou=division, ou=company"
slapd: conn=44 op=5 Result tag=103 err=32 text=
pam_ldap: ldap_modify_s No such object

So my first idea was that my ACLs are the problem, but I've set
them with read access for everyone (I also tried to swap the entries).
Here are my ACLs:
access to attr=userPassword
       by self write
       by * auth
       by * read

access to * by * read

So the problem is that I can't bind as a user to the DIT and therefore
couldn't change my password. So far so bad :-((, but I have no idea
why I couldn't bind as an ordinary user with my ACLs.

So if anyone reading this SOS message has an idea, I would appreciate
it.

P.S.: Please excuse my poor English!!!!



Regards
N.Pieroth
Mail: pieroth.n@zdf.de
Tel: (Germany) 06131/708290
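
Added example, not part of the original message and not OpenLDAP code: a simplified Python model of how slapd evaluates access directives (first matching `access to`, then first matching `by`), run over the ACLs quoted in the message. The function names, the crude DN normalisation and the DN `uid=other, ...` are assumptions made for the illustration.

```python
# Added illustration: simplified model of slapd's first-match ACL evaluation.
# Handles only "attr=NAME" / "*" targets and self / anonymous / users / * subjects.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

# The ACLs quoted in the message, in file order: (what, [(who, level), ...]).
POSTED_ACL = [
    ("attr=userPassword", [("self", "write"), ("*", "auth"), ("*", "read")]),
    ("*", [("*", "read")]),
]
USER_DN = "uid=malcolmx, ou=people, ou=division, ou=company"  # DN from the log
OTHER_DN = "uid=other, ou=people, ou=division, ou=company"    # constructed

def norm(dn):
    """Crude DN normalisation: lowercase, no spaces around commas."""
    return ",".join(p.strip().lower() for p in dn.split(","))

def who_matches(who, requester, target):
    """requester is None for an anonymous (not yet bound) connection."""
    bound = requester is not None
    return {"*": True, "anonymous": not bound, "users": bound,
            "self": bound and norm(requester) == norm(target)}.get(who, False)

def granted(acl, attr, requester, target):
    """Level from the first matching 'access to', then first matching 'by'."""
    for what, clauses in acl:
        if what == "*" or what.lower() == "attr=" + attr.lower():
            for who, level in clauses:
                if who_matches(who, requester, target):
                    return level
            return "none"  # implicit trailing "by * none"
    return "none"          # implicit final "access to * by * none"

def allowed(acl, attr, requester, target, needed):
    """True if the granted level is at least the level the operation needs."""
    return LEVELS.index(granted(acl, attr, requester, target)) >= LEVELS.index(needed)

def unreachable(acl):
    """by-clauses that follow a 'by *' in the same directive and never apply."""
    out = []
    for what, clauses in acl:
        seen_star = False
        for who, level in clauses:
            if seen_star:
                out.append((what, who, level))
            seen_star = seen_star or who == "*"
    return out
```

In this model the quoted directives grant `auth` on userPassword to an unbound connection and `write` to the entry itself, while the second `by * read` is reported as unreachable.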