
Re: can't change password via simple authentication



On 04/09/15 12:59 +0800, rockwang wrote:
> Hi, guys,
>
> I can't change a user's password via simple authentication at the LDAP
> client.
>
> I have set ACL rules in slapd.conf:
>
>     access to attr=userPassword
>           by self write
>           by anonymous auth
>           by dn.base="cn=Manager,dc=abc,dc=com" write
>           by * none
>     access to *
>           by self write
>           by dn.base="cn=Manager,dc=abc,dc=com" write
>           by * read
>
> ldappasswd  -x -D "uid=bobliu,ou=it,dc=abc,dc=com" -W -S
>
> New password:
> Re-enter new password:
> Enter LDAP Password:
> ldap_bind: Invalid credentials (49)
>
> But I can use ldapsearch via simple authentication.
> What is the problem? Thanks.

Are you positive that you are successfully authenticating with ldapsearch?
Your 'by * read' for 'access to *' would allow anonymous users read access
to everything except the userPassword entry. See chapter 8 in the OpenLDAP
Admin Guide for a saner example.

Use debugging/logging to troubleshoot. See slapd(8), and slapd.conf(5).

--
Dan White
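
The check suggested in the reply, as an added example that is not part of the original thread: with slapd logging at the `stats` level, each search can be tied back to the identity its connection is actually bound as, which shows whether an ldapsearch that returned entries was authenticated or merely anonymous under `by * read`. The log lines are constructed for illustration (modelled on slapd's stats-level format), and `summarize` is a hypothetical helper name.

```python
import re

# Constructed slapd log lines (loglevel stats); not taken from the thread.
SAMPLE_LOG = """\
slapd[812]: conn=1001 fd=12 ACCEPT from IP=127.0.0.1:40112 (IP=0.0.0.0:389)
slapd[812]: conn=1001 op=0 BIND dn="uid=bobliu,ou=it,dc=abc,dc=com" method=128
slapd[812]: conn=1001 op=0 RESULT tag=97 err=49 text=
slapd[812]: conn=1001 op=1 UNBIND
slapd[812]: conn=1002 fd=13 ACCEPT from IP=127.0.0.1:40114 (IP=0.0.0.0:389)
slapd[812]: conn=1002 op=0 BIND dn="" method=128
slapd[812]: conn=1002 op=0 RESULT tag=97 err=0 text=
slapd[812]: conn=1002 op=1 SRCH base="dc=abc,dc=com" scope=2 deref=0 filter="(uid=bobliu)"
slapd[812]: conn=1002 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
"""

BIND = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=\d+')
RESULT = re.compile(r'conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)')  # tag 97 = BindResponse
SRCH = re.compile(r'conn=(\d+) op=\d+ SRCH ')


def summarize(log):
    """Return (conn, event, identity) tuples for binds and searches."""
    pending = {}   # (conn, op) -> DN named in the BIND request
    identity = {}  # conn -> DN the connection is bound as ("" = anonymous)
    events = []
    for line in log.splitlines():
        if m := BIND.search(line):
            pending[(m[1], m[2])] = m[3]
        elif m := RESULT.search(line):
            dn = pending.pop((m[1], m[2]), None)
            if dn is None:
                continue  # bind result without a matching request in this excerpt
            if m[3] == "0":
                identity[m[1]] = dn
                events.append((m[1], "bind-ok", dn or "anonymous"))
            else:
                identity[m[1]] = ""  # a failed bind leaves the connection anonymous
                events.append((m[1], f"bind-failed err={m[3]}", dn))
        elif m := SRCH.search(line):
            events.append((m[1], "search", identity.get(m[1], "") or "anonymous"))
    return events


if __name__ == "__main__":
    for event in summarize(SAMPLE_LOG):
        print(event)
```

A `search` event attributed to `anonymous` means the ACLs, not the credentials, let the query through.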