
ACL issue: "Insufficient access"



I've just installed LDAP and changed authentication from shadow to LDAP
for all my users. Everything went smoothly, without complaints, until
people tried to change their passwords. When I tried to do it myself,
this is what happened:

bash-2.05$ passwd
Enter login(LDAP) password:
New password:
Retype new password:
LDAP password information update failed: Insufficient access
passwd: Permission denied


I traced down the problem and came to the conclusion that it has nothing
to do with PAM; it is a matter of permissions on the directory. Users can
perform searches like this just fine:

dpuertas@gandalf:~$ ldapsearch -D "uid=dpuertas, ou=Empleado, ou=Reduc,
ou=DireccionSuperior, ou=People, dc=uc, dc=edu, dc=ve" -x -W
'(uid=dpuertas)'


But when they try to modify their own entry, LDAP tells them they have
insufficient access:

dpuertas@gandalf:~$ ldapmodify -D "uid=dpuertas, ou=Empleado, ou=Reduc,
ou=DireccionSuperior, ou=People, dc=uc, dc=edu, dc=ve" -x -W -f
diego2.ldif
Enter LDAP Password:
modifying entry "uid=dpuertas, ou=Empleado, ou=Reduc,
ou=DireccionSuperior, ou=People, dc=uc, dc=edu, dc=ve"
ldap_modify: Insufficient access

ldif_record() = 50


Now, you would assume that the problem is in the ACLs, but they are just
fine (at least that's what I think :); these are my ACLs and, as you can
see, self can write:

access to dn="" by * read
access to *
        by self write
        by users read
        by anonymous auth


Any help will be appreciated.


-- 
Ing. Diego A. Puertas Fernández
     Analista Programador
Universidad de Carabobo   RedUC
     Usuario Linux #114434