
Re: passwd fails



Hey,
have you taken a look at your syslog messages and enabled logging in
your slapd config?

bye.

On Thu, Dec 2, 2010 at 15:26, Holger Schier
<hschier@mathematik.uni-mainz.de> wrote:
> Hi guys,
>
> my ldapserver works fine now, but the first users are arriving.
> The normal user should change their own password. So, everyone thinks of
> passwd in the shell.
>
> But:
> LDAP password information update failed: Insufficient access
> Must supply old password to be changed as well as new one
>
> Here is my ACL:
>
> olcAccess: {0} to
> attrs=pwdChangedTime,pwdAccountLockedTime,pwdFailureTime,pwdH
>  istory,pwdGraceUseTime,pwdReset
> by * none
>
> olcAccess: {1}to attrs=userPassword
> by self write
> by * auth
>
> olcAccess: {2}to attrs=shadowLastChange
> by self write
> by dn.base="cn=BINDUSER,dc=MY,dc=DC" read
> by users read
> by * auth
>
> olcAccess: {3}to attrs=userPKCS12
> by self read
> by * none
>
> olcAccess: {4}to *
> by dn.base="cn=BINDUSER,dc=MY,dc=DC" read
> by * none
>
> I tried the same with
> olcAccess: {4}to *
> by * read
>
> and allowing anonymous binds, but same error.
> passwd seems to try to bind with the binduser and then to read and to
> write the userPassword, but only has auth access.
>
> Has anyone an idea how to enable this?
>
> Thanks a lot.
> Holger
>



-- 
To be or not to be -- Shakespeare | To do is to be -- Nietzsche | To
be is to do -- Sartre | Do be do be do -- Sinatra