
[Fwd: Re: userPasswd problem]




I've now tested my replication and it works. The one problem (as far
as I know) I have is changing the password (userPassword).
'ldappasswd -x -D "cn=JokkeManager,dc=htg,dc=org" -w secret username -s
newsecret'

Result: DSA is unwilling to perform (53)
 Additional info: authorization database is a read-only replica

As you can see, I'm running the ldappasswd command as rootdn and still get
this error!
Is there anyone who can help me with this?

regards
Roger Helgesen

slapd.conf (I've taken out all the comments to save space)

###############################

include		/etc/openldap/schema/core.schema
include		/etc/openldap/schema/cosine.schema
include		/etc/openldap/schema/inetorgperson.schema
include		/etc/openldap/schema/nis.schema
include		/etc/openldap/schema/redhat/rfc822-MailMember.schema
include		/etc/openldap/schema/redhat/autofs.schema
include		/etc/openldap/schema/redhat/kerberosobject.schema
include		/etc/openldap/schema/sambatng.schema-v3-egen
include		/etc/openldap/schema/qmail.schema
include		/etc/openldap/schema/qmailControl.schema


####    My access lists

access to dn=".*,dc=htg,dc=org" attr=userPassword
	by self write
	by dn="cn=PondusManager,dc=htg,dc=org" write
	by dn="uid=root,ou=SystemBrukere,dc=htg,dc=org" write
	by * auth
	
access to dn=".*,dc=htg,dc=org" 
	by self write
	by dn="cn=PondusManager,dc=htg,dc=org" write
	by * read

access to *
	by dn="cn=ReplicaMasterJokke,dc=htg,dc=org" write
	by * read

access to * by * read

#######################################################################
# ldbm database definitions
######################################################################
loglevel 264

database	ldbm
suffix		"dc=htg,dc=org"
rootdn		"cn=JokkeManager,dc=htg,dc=org" 
rootpw		{MD5}XsAM4fAnjvju4pOM9oOrYA==

password-hash {md5}

directory	/var/lib/ldap
# Indices to maintain
index	objectClass,uid,uidNumber,gidNumber,memberUid	eq
index	cn,mail,surname,givenname			eq,subinitial
index	rid						eq

# Replicas to which we should propagate changes
replica host=pondus.hau.htg.org:389 
	binddn="cn=JokkeManager,dc=htg,dc=org"
	bindmethod=simple 
	credentials=Yfw98ah7

replogfile /var/lib/ldap/master-slapd.replog

updatedn	cn=PondusManager,dc=htg,dc=org

########################################################

On Tue, 2002-05-14 at 10:49, Roger Helgesen wrote:
> Hi!
> 
> I've patched openldap 2.0.23-4 with the multimaster patch
> (http://www.openldap.org/lists/openldap-software/200204/msg00681.html)
> 
> After that (I believe that's when the prob. started) I cannot change
> userPasswd for users. New users do not get a passwd either.
> 
> The userPasswd attr says {crypt}x
> 
> When I try to change a user's passwd with 
> 
> 'ldappasswd -x -D "cn=manager,dc=htg,dc=org" -w secret username' I get
> 
> Result: DSA is unwilling to perform (53)
> Additional info: authorization database is a read-only replica
> 
> I'm confused. Adding and deleting users works fine. And also changing
> smb passwd (via smbldap-passwd.pl) works fine. 
> 
> smbldap-passwd should change both passwds, and it did before.
> 
> Could anyone help me?
> 
> I'm a novice at LDAP. Do you need more info, slapd.conf, ldap.conf?
> 
> regards 
> Roger Helgesen