Hi
Here is my command:

ldappasswd -h localhost -D "[email protected] ,ou=SOME_UNIT,jvd=.....mail........edu.tr,o=hosting,dc=myhosting,dc=example" -w 123456 -a 123456 -s somepassowrd

Result: Insufficient access (50)

The debug output is below. (By the way, how can I be sure my regex matches my entry? Is there a useful regex tool to check this?)

I changed my regex to

dn.regex=".*,jvd=([^,]+),o=hosting,dc=myhosting,dc=example"

Thanks

-----------------------------------------------------------------------------------------------------------------------------
conn=1000 op=1 PASSMOD old new
bdb_dn2entry("[email protected] ,ou=SOME_UNIT,jvd=.......mail.........edu.tr ,o=hosting,dc=myhosting,dc=example")
=> bdb_entry_get: ndn: "[email protected] ,ou=SOME_UNIT,jvd=.......mail.........edu.tr ,o=hosting,dc=myhosting,dc=example"
=> bdb_entry_get: oc: "(null)", at: "userPassword"
bdb_dn2entry("[email protected] ,ou=SOME_UNIT,jvd=.......mail.........edu.tr ,o=hosting,dc=myhosting,dc=example")
=> bdb_entry_get: found entry: "[email protected] ,ou=SOME_UNIT,jvd=.......mail.........edu.tr ,o=hosting,dc=myhosting,dc=example"
bdb_entry_get: rc=0
=> access_allowed: result not in cache (userPassword)
=> access_allowed: auth access to "[email protected] ,ou=SOME_UNIT,jvd=.......mail.........edu.tr,o=hosting,dc=myhosting,dc=example" "userPassword" requested
=> slap_access_allowed: backend default auth access granted to "mail=edergi@ .......mail.........edu.tr,ou=SOME_UNIT,jvd=.......mail.........edu.tr ,o=hosting,dc=myhosting,dc=example"
=> access_allowed: auth access granted by read(=rscxd)
=> bdb_entry_get: ndn: "[email protected] ,ou=SOME_UNIT,jvd=.......mail.........edu.tr ,o=hosting,dc=myhosting,dc=example"
=> bdb_entry_get: oc: "(null)", at: "(null)"
bdb_dn2entry("[email protected] ,ou=SOME_UNIT,jvd=.......mail.........edu.tr ,o=hosting,dc=myhosting,dc=example")
=> bdb_entry_get: found entry: "[email protected] ,ou=SOME_UNIT,jvd=.......mail.........edu.tr ,o=hosting,dc=myhosting,dc=example"
bdb_entry_get: rc=0
=> bdb_entry_get: ndn: "cn=default,ou=policies,dc=myhosting,dc=example"
=> bdb_entry_get: oc: "(null)", at: "(null)"
bdb_dn2entry("cn=default,ou=policies,dc=myhosting,dc=example")
=> bdb_entry_get: found entry: "cn=default,ou=policies,dc=myhosting,dc=example"
bdb_entry_get: rc=0
bdb_modify: [email protected] ,ou=SOME_UNIT,jvd=.......mail.........edu.tr ,o=hosting,dc=myhosting,dc=example
slap_queue_csn: queing 0x7f31f34201d0 20111220095453.284620Z#000000#000#000000
bdb_dn2entry("[email protected] ,ou=SOME_UNIT,jvd=.......mail.........edu.tr ,o=hosting,dc=myhosting,dc=example")
bdb_modify_internal: 0x00000015: [email protected] ,ou=SOME_UNIT,jvd=.......mail.........edu.tr ,o=hosting,dc=myhosting,dc=example
=> access_allowed: backend default write access denied to "mail=edergi@ .......mail.........edu.tr,ou=SOME_UNIT,jvd=.......mail.........edu.tr ,o=hosting,dc=myhosting,dc=example"
bdb_modify: modify failed (50)
send_ldap_result: conn=1000 op=1 p=3
------------------------------------------------------------END ---------------------------------

On Tue, Dec 20, 2011 at 11:34 AM, Buchan Milne <[email protected]> wrote:

> On Tuesday, 20 December 2011 10:55:12 Selcuk Yazar wrote:
> > Hi,
> >
> > I want LDAP users to change their password.
> >
> > sample user dn is
> > [email protected],ou=SOME_UNIT,jvd=.....mail.......edu.tr,o=hosting
> >
> > and we have ACL rules in slapd.conf
> >
> > access to dn.regex=".*,ou=.*,jvd=([^,]+),o=hosting,dc=myhosting,dc=example"
> >         attrs=userPassword
> >         by self write
> >         by group/jammPostmaster/roleOccupant.expand="cn=postmaster,jvd=$1,o=hosting,dc=myhosting,dc=example" write
> >         by * auth
> >         by * none
> >
> > access to dn.regex=".*jvd=([^,]+),o=hosting,dc=myhosting,dc=example"
> >         by self write
> >         by group/jammPostmaster/roleOccupant.expand="cn=postmaster,jvd=$1,o=hosting,dc=myhosting,dc=example" write
> >         by * read
> >
> > access to *
> >         by * read
> >
> > I applied various rules from the OpenLDAP documentation, but none of them works.
>
> It is not clear whether your 'sample user dn' matches the regex in your first
> rule.
>
> Why don't you provide a password changing attempt, done with 'ldappasswd',
> showing the full commandline, and all output.
>
> > Why can't
> > users change their password?
>
> If you had provided the error code, we could have been relatively sure, but I
> will guess they don't have sufficient access because your regex isn't
> matching.
>
> Regards,
> Buchan
>

--
Selçuk YAZAR
http://www.selcukyazar.blogspot.com
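
An added example, not part of the original thread and not OpenLDAP code: a small checker for the question raised above, showing which `access to` clause from the posted slapd.conf would be the first to match a given DN and attribute, and how `$1` expands into the postmaster group DN. The mail domain and the `POSTMASTER` entry are constructed placeholders for the redacted values, and Python's `re` with case-insensitive, unanchored search is an assumed stand-in for slapd's regex matching; against a real configuration, OpenLDAP's `slapacl` tool is the authoritative check.

```python
import re

SUFFIX = "o=hosting,dc=myhosting,dc=example"
GROUP = "cn=postmaster,jvd=$1," + SUFFIX  # group DN template from the thread's rules

# <what> clauses in slapd.conf order: (label, dn.regex or None for "*", attrs or None).
RULES = [
    ("rule 1", r".*,ou=.*,jvd=([^,]+)," + SUFFIX, {"userpassword"}),
    ("rule 2", r".*jvd=([^,]+)," + SUFFIX, None),
    ("rule 3", None, None),
]
# Same list with the poster's changed first regex (no ",ou=" requirement).
CHANGED = [("rule 1 (changed)", r".*,jvd=([^,]+)," + SUFFIX, {"userpassword"})] + RULES[1:]

# Constructed DNs; the real mail domain is redacted in the thread.
USER = "mail=user@mail.example.edu.tr,ou=SOME_UNIT,jvd=mail.example.edu.tr," + SUFFIX
POSTMASTER = "cn=postmaster,jvd=mail.example.edu.tr," + SUFFIX
POLICY = "cn=default,ou=policies,dc=myhosting,dc=example"  # DN seen in the debug log


def first_matching_rule(dn, attr, rules=RULES):
    """Return (label, expanded group DN or None) of the first rule whose <what> matches.

    Assumption: unanchored, case-insensitive matching via Python's re stands in
    for slapd's regex engine; slapd stops at the first matching <what>.
    """
    for label, pattern, attrs in rules:
        if attrs is not None and attr.lower() not in attrs:
            continue  # rule is limited to other attributes
        if pattern is None:
            return label, None  # "access to *" matches everything
        m = re.search(pattern, dn, re.IGNORECASE)
        if m:
            return label, GROUP.replace("$1", m.group(1))  # $1 = captured jvd value
    return None, None


if __name__ == "__main__":
    for name, dn in (("USER", USER), ("POSTMASTER", POSTMASTER), ("POLICY", POLICY)):
        for rules in (RULES, CHANGED):
            print(name, first_matching_rule(dn, "userPassword", rules))
```
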
