[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Issue while changing user password by self

Le 23/12/2015 08:04, Rajagopal Rc a écrit :

I am trying to allow users to change their own passwords

        OS                        RHEL7
        Openldap version         2.4.39-7.el7_1.x86_64

ACL in slapd.conf
        disallow bind_anon

access to attrs=userPassword
       by self write
       by dn.base="cn=mirrormode,dc=rnd,dc=com" read
       by dn.base="cn=binduser,dc=rnd,dc=com" read
       by * auth

access to *
       by dn.base="cn=mirrormode,dc=rnd,dc=com" read
       by dn.base="cn=binduser,dc=rnd,dc=com" read
       by * break

access to *
       by dn="cn=Manager,dc=rnd,dc=com"
       by users read
       by self write
       by * auth

from client machine 'user5' is trying to change own password and getting following error

$ ldappasswd -H ldaps://ldapdev.rnd.com:636 -x -D "cn=user 5,ou=people,dc=rnd,dc=com" -W -A  -S
Old password:
Re-enter old password:
New password:
Re-enter new password:
Enter LDAP Password:
Result: Insufficient access (50)
Additional info: User alteration of password is not allowed

This error looks like issue with permissions, yet i have already allowed access to attrs=userPassword by self write in slapd.conf, please let me know if there is any thing wrong in above ACL and why i am getting this error

This may be linked to your configuration of ppolicy overlay. Check the pwdAllowUserChange attribute of your policy entry, it should be set to TRUE.

Clément OUDOT
Consultant en logiciels libres, Expert infrastructure et sécurité
Savoir-faire Linux