[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: issue with slapadd


First of all, thanks a lot for your answer.
in the end I skip trying to make the directory works and I went for the usual slapd.conf file with success.
Now I'm stuck because the clients are unable to change it's password.
This is a RHEL 6 server with

the slapd.conf interesting part:
access to attrs=userPassword,shadowLastChange
       by self write
       by anonymous auth
       by dn="cn=admin,dc=linux,dc=imppc,dc=org" write
       by * none

access to *
       by dn="cn=admin,dc=linux,dc=imppc,dc=org" write
       by * read

access to *
       by dn="cn=admin,dc=linux,dc=imppc,dc=org" write
       by * read

This is the client rpms (fedora 14)

And the problem is this:
-bash-4.1$ passwd
Changing password for user user1.
Enter login(LDAP) password:
New password:
Retype new password:
LDAP password information update failed: Insufficient access
passwd: Authentication token manipulation error

I have to mention that I had to made some changes in order to simply be able to query for a user. Ldapsearch worked but in order to do something like :
id user1
su - user1
I had to change /etc/sysconfig/authconfig with
In this way I have been able to modify /etc/nsswitch with ldap values when running authconfig-tui. The point is that in fedora seems that auth is managed by sss and without this entry I'm not able to id or su, but if I don't put the ldap keyword, I'm not even asked for the Enter login(LDAP) password: but I'm asked for the password in the machine which ends up in a "system error -4" because the system doesn't recognize the user.

Prior to change the version I would like to make this one work...

I don't know if I made myself clear enough, hope you can help me and I really thank you in advance for any help you can provide.
On 03/31/2011 09:09 PM, Quanah Gibson-Mount wrote:
--On Thursday, March 31, 2011 11:04 AM +0200 Judith Flo Gaya
<jflo@imppc.org>  wrote:

ldif_back_add: err: 68 text:
send_ldap_result: conn=-1 op=0 p=0
slaptest: bad configuration directory!

error code 68 means entry already exists.  It may simply be that slaptest
isn't working correctly with the config db.  You could of course try -d -1
to get better logging results rather than -d 1.

I would also note that you are using a rather old version of OpenLDAP with
numerous known bugs.  I would strongly advise you to build a more recent



Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
Zimbra ::  the leader in open source messaging and collaboration

Judith Flo Gaya
Systems Administrator IMPPC
e-mail: jflo@imppc.org
Tel (+34) 93 554-3079
Fax (+34) 93 465-1472

Institut de Medicina Predictiva i Personalitzada del Càncer
Crta Can Ruti, Camí de les Escoles s/n
08916 Badalona, Barcelona,