Re: GSSAPI fails?
Did you set ACLs to allow each user to modify their own loginShell entry?
Something like this should do:
    # Allow users to change their login shell by themselves
    access to attrs=loginShell
            by self write
On Mon, 10 May 2004, Sensei wrote:
> I've set up a kerberos realm and now I'm trying to make openldap use k5
> credentials, without success.
> First, I'm using debian stable, so I'm using ldap 2.0.23. I know it has
> some incompatibilities and so I have NO suffix (base DN).
> My realm is PLM.A.B.COM, the ldap/kdc server is plm.a.b.com. I can log
> in with an ldap user, it gets the right tickets, but when I try to modify
> my loginShell attribute I get this:
> $ ldapmodify -v -f user.ldif
> SASL/GSSAPI authentication started
> SASL SSF: 56
> SASL installing layers
> modifying entry "uid=ldaptest"
> replace loginShell:
> ldap_modify: Insufficient access
> ldif_record() = 50
> What should I do?
> Sensei <mailto:email@example.com>
> Error: Keyboard not found. Press F1 to continue...
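
An added example (not part of the original thread, and not OpenLDAP code): a simplified Python model of how slapd evaluates "access to" directives, showing why the modify fails with result 50 when no rule grants write, and what the rule suggested in the reply grants to the entry's owner and to everyone else. The second user, the defaultaccess value of read, and the variant that adds "by * read" are assumptions made for illustration.

```python
# Added example: simplified model of slapd ACL evaluation, not OpenLDAP code.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

def who_matches(who, bind_dn, entry_dn):
    """Match one <who> field against the bound identity (None = anonymous)."""
    if who == "*":
        return True
    if who == "self":  # true only if the bind DN equals the target entry's DN
        return bind_dn is not None and bind_dn.lower() == entry_dn.lower()
    if who == "users":
        return bind_dn is not None
    raise ValueError("unsupported <who>: " + who)

def granted(acls, default, bind_dn, entry_dn, attr):
    """Level granted on attr: first matching 'access to', then first matching 'by'."""
    for attrs, by_clauses in acls:
        if attrs != "*" and attr.lower() not in attrs:
            continue
        for who, level in by_clauses:
            if who_matches(who, bind_dn, entry_dn):
                return level
        return "none"   # every directive ends with an implicit "by * none"
    return default      # no directive matched: defaultaccess applies

def can_modify(acls, default, bind_dn, entry_dn, attr):
    """A modify needs write; anything lower gives result 50, insufficient access."""
    level = granted(acls, default, bind_dn, entry_dn, attr)
    return LEVELS.index(level) >= LEVELS.index("write")

ENTRY = "uid=ldaptest"    # entry DN from the post
OTHER = "uid=otheruser"   # constructed second user
DEFAULT = "read"          # assumed defaultaccess
NO_ACL = []
REPLY_ACL = [({"loginshell"}, [("self", "write")])]
READABLE_ACL = [({"loginshell"}, [("self", "write"), ("*", "read")])]

if __name__ == "__main__":
    cases = [("no ACL", NO_ACL), ("reply ACL", REPLY_ACL), ("with read", READABLE_ACL)]
    for name, acls in cases:
        print(name,
              "| owner:", granted(acls, DEFAULT, ENTRY, ENTRY, "loginShell"),
              "| other:", granted(acls, DEFAULT, OTHER, ENTRY, "loginShell"))
```

In this model the rule from the reply, used alone, leaves every other identity with no access to loginShell, so a site that wants the attribute to stay readable would add a read clause after "by self write".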