
Re: ppolicy pwdReset



greek ordono <grexk@yahoo.com> writes:

> Hello,
>
> I've changed my acl like this:
> access to attrs=userPassword,shadowLastChange,sambaNTPassword,sambaLMPassword,sambaPwdLastSet,sambaPwdMustChange
>         by dn="cn=nssldap,ou=DSA,dc=moldex,dc=group" write
>         by anonymous auth
>         by self write
>
> access to *
>         by self write
>         by * read
>

> <= acl_mask: [3] applying auth(=xd) (stop)
> <= acl_mask: [3] mask: auth(=xd)
> => slap_access_allowed: read access denied by auth(=xd)
> => access_allowed: no more rules

The answer is obvious: your rule "by anonymous auth" is applied.
You should probably read
http://www.openldap.org/faq/data/cache/189.html
in order to design access rules.

-Dieter

-- 
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6
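
Added example (not part of the original message and not OpenLDAP code): a simplified Python model of how slapd selects a "by" clause for the ACL quoted above, showing why an unauthenticated session is granted auth(=xd) and then refused read. It assumes exact DN matching and the default "stop" control only; the function names and the sample entry DN are constructed for illustration.

```python
# Simplified model of slapd ACL evaluation (illustration only, not OpenLDAP code).
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]
MASKS = {"none": "=0", "disclose": "=d", "auth": "=xd", "compare": "=cxd",
         "search": "=scxd", "read": "=rscxd", "write": "=wrscxd", "manage": "=mwrscxd"}

# The two directives quoted in the thread: (attribute set or "*", [(who, level), ...]).
ACL = [
    ({"userPassword", "shadowLastChange", "sambaNTPassword", "sambaLMPassword",
      "sambaPwdLastSet", "sambaPwdMustChange"},
     [("dn=cn=nssldap,ou=DSA,dc=moldex,dc=group", "write"),
      ("anonymous", "auth"),
      ("self", "write")]),
    ("*", [("self", "write"), ("*", "read")]),
]

def who_matches(who, bound_dn, entry_dn):
    """bound_dn is None for an anonymous (unauthenticated) session."""
    if who == "*":
        return True
    if who == "anonymous":
        return bound_dn is None
    if who == "self":
        return bound_dn is not None and bound_dn.lower() == entry_dn.lower()
    if who.startswith("dn="):
        return bound_dn is not None and bound_dn.lower() == who[3:].lower()
    return False

def evaluate(attr, bound_dn, entry_dn, wanted):
    """Return (allowed, granted_level, matched_who) for one access check."""
    for what, clauses in ACL:
        if what != "*" and attr not in what:
            continue  # this directive does not cover the attribute
        # Only the first directive whose <what> matches is consulted.
        for who, level in clauses:
            if who_matches(who, bound_dn, entry_dn):
                # Default control is "stop": no later clause or directive is tried.
                ok = LEVELS.index(level) >= LEVELS.index(wanted)
                return ok, level, who
        return False, "none", None  # implicit trailing "by * none"
    return False, "none", None      # implicit final "access to * by * none"

if __name__ == "__main__":
    entry = "uid=jdoe,ou=People,dc=moldex,dc=group"  # constructed sample entry
    ok, level, who = evaluate("userPassword", None, entry, "read")
    print(f"read userPassword as anonymous: by {who} {level}({MASKS[level]}) ->",
          "granted" if ok else "denied")
```

The model also shows a second consequence of the same ordering: an authenticated user who is neither the nssldap DN nor the entry owner matches no clause in the first directive and falls through to the implicit "by * none".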