Le 23/12/2015 08:04, Rajagopal Rc a écrit :
Hello,
I am trying to allow users to change their own passwords
OS RHEL7
Openldap version 2.4.39-7.el7_1.x86_64
*ACL in slapd.conf*
disallow bind_anon
*access to attrs=userPassword*
* by self write*
by dn.base="cn=mirrormode,dc=rnd,dc=com" read
by dn.base="cn=binduser,dc=rnd,dc=com" read
by * auth
access to *
by dn.base="cn=mirrormode,dc=rnd,dc=com" read
by dn.base="cn=binduser,dc=rnd,dc=com" read
by * break
access to *
by dn="cn=Manager,dc=rnd,dc=com"
by users read
by self write
by * auth
from client machine 'user5' is trying to change own password and
getting following error
$ ldappasswd -H ldaps://ldapdev.rnd.com:636 -x -D "cn=user
5,ou=people,dc=rnd,dc=com" -W -A -S
Old password:
Re-enter old password:
New password:
Re-enter new password:
Enter LDAP Password:
Result: Insufficient access (50)
Additional info: User alteration of password is not allowed
This error looks like issue with permissions, yet i have already
allowed *access to attrs=userPassword by self write *in slapd.conf,
please let me know if there is any thing wrong in above ACL and why i
am getting this error
This may be linked to your configuration of ppolicy overlay. Check the
pwdAllowUserChange attribute of your policy entry, it should be set to TRUE.
--
Clément OUDOT
Consultant en logiciels libres, Expert infrastructure et sécurité
Savoir-faire Linux
