[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Issue while changing user password by self

To: Clément OUDOT <clement.oudot@savoirfairelinux.com>
Subject: Re: Issue while changing user password by self
From: Rajagopal Rc <rajagopal.rc@tcs.com>
Date: Thu, 24 Dec 2015 11:26:49 +0530
Cc: openldap-technical <openldap-technical-bounces@openldap.org>, openldap-technical@openldap.org
In-reply-to: <567AD95F.3000808@savoirfairelinux.com>
References: <OFDAA9A7BE.613B5DEF-ON65257F24.00262D83-65257F24.0026D526@tcs.com> <567AD95F.3000808@savoirfairelinux.com>

Thanks for you response, Yes you are right the issue was with ppolicy pwdAllowUserChange attribute as it was set to FALSE, it is working fine now after changing it to TRUE

Thanks & Regards
Raj

From: Clément OUDOT <clement.oudot@savoirfairelinux.com>
To: openldap-technical@openldap.org
Date: 12/23/2015 10:57 PM
Subject: Re: Issue while changing user password by self
Sent by: "openldap-technical" <openldap-technical-bounces@openldap.org>

Le 23/12/2015 08:04, Rajagopal Rc a écrit :
Hello,

I am trying to allow users to change their own passwords

OS RHEL7
Openldap version 2.4.39-7.el7_1.x86_64

ACL in slapd.conf

disallow bind_anon

access to attrs=userPassword
by self write
by dn.base="cn=mirrormode,dc=rnd,dc=com" read
by dn.base="cn=binduser,dc=rnd,dc=com" read
by * auth

access to *
by dn.base="cn=mirrormode,dc=rnd,dc=com" read
by dn.base="cn=binduser,dc=rnd,dc=com" read
by * break

access to *
by dn="cn=Manager,dc=rnd,dc=com"
by users read
by self write
by * auth

from client machine 'user5' is trying to change own password and getting following error

$ ldappasswd -H ldaps://ldapdev.rnd.com:636 -x -D "cn=user 5,ou=people,dc=rnd,dc=com" -W -A -S
Old password:
Re-enter old password:
New password:
Re-enter new password:
Enter LDAP Password:
Result: Insufficient access (50)
Additional info: User alteration of password is not allowed

This error looks like issue with permissions, yet i have already allowed access to attrs=userPassword by self write in slapd.conf, please let me know if there is any thing wrong in above ACL and why i am getting this error

This may be linked to your configuration of ppolicy overlay. Check the pwdAllowUserChange attribute of your policy entry, it should be set to TRUE.

-- Clément OUDOT Consultant en logiciels libres, Expert infrastructure et sécurité Savoir-faire Linux

=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain
confidential or privileged information. If you are
not the intended recipient, any dissemination, use,
review, distribution, printing or copying of the
information contained in this e-mail message
and/or attachments to it are strictly prohibited. If
you have received this communication in error,
please notify us by reply e-mail or telephone and
immediately and permanently delete the message
and any attachments. Thank you

References:
- Issue while changing user password by self
  - From: Rajagopal Rc <rajagopal.rc@tcs.com>
- Re: Issue while changing user password by self
  - From: Clément OUDOT <clement.oudot@savoirfairelinux.com>

Prev by Date: Re: Segmentation fault (core dumped) on ldapmodify
Next by Date: RE: Issue while changing user password by self
Index(es):
- Chronological
- Thread