
Re: Getting ldappasswd and PAM in the same page under CentOS 7



On Wed, 20 Sep 2017 12:32:37 -0400 (EDT),
Robert Heller <heller@deepsoft.com> wrote:

> OK, I fixed the ACLs (I think), but it is still not working.  I
> turned on verbose debugging for sssd[pam] and moderate debugging for
> slapd.
> 
> Here are my ACLs
> in /etc/openldap/slapd.d/cn\=config/olcDatabase\={2}hdb.ldif:
> 
> olcAccess: {0}to attrs=userPassword
>   by self write
>   by anonymous auth
>   by dn=uid=heller,ou=People,dc=deepsoft,dc=com write
>   by * none
> olcAccess: {1}to *
>   by dn=uid=heller,ou=People,dc=deepsoft,dc=com write
>   by * read
> 
> There are also these olcAccess entries:
> 
> in /etc/openldap/slapd.d/cn\=config/olcDatabase\={0}config.ldif:
> 
> olcAccess: {0}to * by
> dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
> manage by * none
> 
> and in /etc/openldap/slapd.d/cn\=config/olcDatabase\={1}monitor.ldif:
> 
> olcAccess: {0}to * by
> dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
> read by dn.base="cn=Manager,dc=deepsoft,dc=com" read by * none
[...]

You may run slapd in debugging mode 128.

-Dieter

-- 
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E
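
Added example, not part of the original messages and not OpenLDAP code: a simplified Python model of the first-match evaluation that slapd's ACL debug level (128) traces, applied to the two olcAccess rules quoted above for olcDatabase={2}hdb. Assumptions: the alice and bob DNs are hypothetical, DNs are compared as case-insensitive strings, and only the "self", "anonymous", "*" and exact-DN forms of "by" are modelled.

```python
# Simplified model of slapd ACL evaluation: the first matching "to" clause is
# selected, then the first matching "by" clause decides the access level.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

HELLER = "uid=heller,ou=People,dc=deepsoft,dc=com"

# The quoted rules {0} and {1}: (target attribute or "*", [(who, level), ...])
ACLS = [
    ("userPassword", [("self", "write"), ("anonymous", "auth"),
                      (HELLER, "write"), ("*", "none")]),
    ("*", [(HELLER, "write"), ("*", "read")]),
]


def who_matches(who, bind_dn, entry_dn):
    """Return True if a 'by <who>' clause applies to this bind identity."""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if bind_dn is None:
        return False
    if who == "self":
        return bind_dn.lower() == entry_dn.lower()
    return bind_dn.lower() == who.lower()  # exact DN (string compare: assumption)


def granted_level(bind_dn, entry_dn, attr):
    """Access level the rules give bind_dn on attr of entry_dn."""
    for target, by_clauses in ACLS:
        if target != "*" and target.lower() != attr.lower():
            continue
        for who, level in by_clauses:
            if who_matches(who, bind_dn, entry_dn):
                return level
        return "none"  # implicit trailing "by * none" of the selected rule
    return "none"


def allowed(bind_dn, entry_dn, attr, wanted):
    """True if the granted level is at least the requested one."""
    return LEVELS.index(granted_level(bind_dn, entry_dn, attr)) >= LEVELS.index(wanted)


if __name__ == "__main__":
    alice = "uid=alice,ou=People,dc=deepsoft,dc=com"  # hypothetical user
    for who in (None, alice, HELLER):
        print(who or "anonymous", "->", granted_level(who, alice, "userPassword"))
```
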