[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Password Problems

Craig Squires wrote:
On Tue, 8 Jul 2003, Yossef Korang wrote:

I'm still having difficult with changing the password for a user.  I've 
looked at the logs, error messages, and through debugging(and give them 
below), and I have no clue what the problem could be.  Any help at 
resolving this problem would be much appreciated as I cannot see what is 
causing the problem in the first place...

slapd debug:


=> access_allowed: auth access to
"uid=yossefk,dc=solomon,dc=physics,dc=sc,dc=edu" "userPassword" requested
=> acl_get: [1] check attr userPassword
<= acl_get: [1] acl uid=yossefk,dc=solomon,dc=physics,dc=sc,dc=edu attr:
=> acl_mask: access to entry 
attr "userPassword" requested
=> acl_mask: to all values by "", (=n)

That's the default "deny all" clause... Now it goes through your clause
in sequence...

<= check a_dn_pat: uid=root,dc=solomon,dc=physics,dc=sc,dc=edu
=> string_expand: pattern:  uid=root,dc=solomon,dc=physics,dc=sc,dc=edu
=> string_expand: expanded: uid=root,dc=solomon,dc=physics,dc=sc,dc=edu
=> regex_matches: string:
=> regex_matches: rc: 1 no matches

...root: no match

<= check a_dn_pat: anonymous
<= acl_mask: [2] applying auth(=x) (stop)
<= acl_mask: [2] mask: auth(=x)
=> access_allowed: auth access granted by auth(=x)

...anonymous: match (end of game...)


ACL's in slapd.conf:
access to attribute=userPassword
        by dn="uid=root,dc=solomon,dc=physics,dc=sc,dc=edu" write
        by anonymous auth
        by self write
        by * auth
access to * by * read

Try changing this to:

access to attribute=userPassword
        by dn="uid=root,dc=solomon,dc=physics,dc=sc,dc=edu" write
        by self write
        by * read
        by anonymous auth


After making those changes, I still have the same problem. Thanks for your input though, and any other suggestions would be appreciated to try to resolve this problem.