Thanks for your response. Yes, you are right: the issue was with the ppolicy pwdAllowUserChange attribute, as it was set to FALSE. It is working fine now after changing it to TRUE.

Thanks & Regards
Raj

From: Clément OUDOT <[email protected]>
To: [email protected]
Date: 12/23/2015 10:57 PM
Subject: Re: Issue while changing user password by self
Sent by: "openldap-technical" <[email protected]>

On 23/12/2015 08:04, Rajagopal Rc wrote:
> Hello,
>
> I am trying to allow users to change their own passwords.
>
> OS RHEL7
> Openldap version 2.4.39-7.el7_1.x86_64
>
> ACL in slapd.conf:
>
>     disallow bind_anon
>
>     access to attrs=userPassword
>         by self write
>         by dn.base="cn=mirrormode,dc=rnd,dc=com" read
>         by dn.base="cn=binduser,dc=rnd,dc=com" read
>         by * auth
>
>     access to *
>         by dn.base="cn=mirrormode,dc=rnd,dc=com" read
>         by dn.base="cn=binduser,dc=rnd,dc=com" read
>         by * break
>
>     access to *
>         by dn="cn=Manager,dc=rnd,dc=com"
>         by users read
>         by self write
>         by * auth
>
> From the client machine, 'user5' is trying to change their own password and getting the following error:
>
>     $ ldappasswd -H ldaps://ldapdev.rnd.com:636 -x -D "cn=user 5,ou=people,dc=rnd,dc=com" -W -A -S
>     Old password:
>     Re-enter old password:
>     New password:
>     Re-enter new password:
>     Enter LDAP Password:
>     Result: Insufficient access (50)
>     Additional info: User alteration of password is not allowed
>
> This error looks like an issue with permissions, yet I have already allowed access to attrs=userPassword by self write in slapd.conf. Please let me know if there is anything wrong in the above ACL and why I am getting this error.

This may be linked to your configuration of the ppolicy overlay. Check the pwdAllowUserChange attribute of your policy entry; it should be set to TRUE.

--
Clément OUDOT
Free software consultant, infrastructure and security expert
Savoir-faire Linux
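The check suggested in this thread, scripted as an added example (not part of the original messages and not OpenLDAP project code): it reads LDIF for the user and the policy entry and reports whether ppolicy, rather than the ACLs, is what rejects the self-service change. The policy DNs and the sample LDIF are constructed assumptions; the thread does not show the real policy entry.

```shell
#!/bin/sh
# Added example. Input is LDIF as printed by, e.g.:
#   ldapsearch -LLL -o ldif-wrap=no -s base -b "<user DN>" pwdPolicySubentry
#   ldapsearch -LLL -o ldif-wrap=no -s base -b "<policy DN>" pwdAllowUserChange
# Constructed sample data; both policy DNs below are assumptions.
DEFAULT_POLICY='cn=default,ou=policies,dc=rnd,dc=com'   # stands in for ppolicy_default
USER_LDIF='dn: cn=user 5,ou=people,dc=rnd,dc=com
pwdPolicySubentry: cn=strict,ou=policies,dc=rnd,dc=com'
POLICY_LDIF='dn: cn=strict,ou=policies,dc=rnd,dc=com
objectClass: pwdPolicy
pwdAttribute: userPassword
pwdAllowUserChange: FALSE'

# ldif_attr NAME: first value of attribute NAME from LDIF on stdin.
# Names match case-insensitively; base64 ("::") values are skipped.
ldif_attr() {
    awk -v want="$1" '{
        i = index($0, ": ")
        if (i && tolower(substr($0, 1, i - 1)) == tolower(want)) {
            print substr($0, i + 2); exit
        }
    }'
}

# effective_policy USER_LDIF DEFAULT_DN: a pwdPolicySubentry on the user
# entry overrides the overlay-wide default policy.
effective_policy() {
    dn=$(printf '%s\n' "$1" | ldif_attr pwdPolicySubentry)
    printf '%s\n' "${dn:-$2}"
}

# user_change_allowed POLICY_LDIF: exit 0 when self-service change is allowed.
# An absent pwdAllowUserChange counts as TRUE.
user_change_allowed() {
    v=$(printf '%s\n' "$1" | ldif_attr pwdAllowUserChange)
    [ "$(printf '%s' "${v:-TRUE}" | tr '[:lower:]' '[:upper:]')" = TRUE ]
}

# diagnose USER_LDIF POLICY_LDIF DEFAULT_DN: one-line verdict.
diagnose() {
    pol=$(effective_policy "$1" "$3")
    if user_change_allowed "$2"; then
        echo "allowed by policy $pol; look at ACLs instead"
    else
        echo "blocked: pwdAllowUserChange is FALSE in $pol"
    fi
}

diagnose "$USER_LDIF" "$POLICY_LDIF" "$DEFAULT_POLICY"
```

A "blocked" verdict corresponds to the "User alteration of password is not allowed" result above, which the overlay returns even when the ACL grants self write on userPassword.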
