Okay, this might be as easy as my last problem (forgetting to set m-disable=FALSE in a schema):
I've added a simple test-user to my partition,

    dn: uid=schumar,[...],dc=com
    krb5keyversionnumber: 1
    sn: Schuster
    objectClass: krb5Principal
    objectClass: krb5KDCEntry
    objectClass: person
    objectClass: posixAccount
    objectClass: organizationalPerson
    objectClass: inetOrgPerson
    objectClass: top
    cn: Martin Schuster
    krb5principalname: [EMAIL PROTECTED]
    userpassword:: emFr
    uid: schumar
    uidnumber: 1234
    gidnumber: 1432
    homedirectory: /home/schumar

The krb5-stuff is what I want to use next, but right now I'm stuck one step earlier:

Doing

    ldapsearch -w zak -D 'uid=schumar,[...],dc=com' -b 'dc=com' '(uid=schumar)' -x

works fine (apart from the server spewing out

    ERROR [org.apache.directory.server.ldap.support.UnbindHandler] - failed to unbind session properly

at the end)

But if the user tries to change his password using

    ldappasswd -a zak -D 'uid=schumar,[...],dc=com' -x

he gets

    ldap_bind: Invalid credentials (49)

and the server says

    INFO [org.apache.directory.server.core.authn.SimpleAuthenticator] - Password not correct for user 'uid=schumar,[...],dc=com'

accessControl is disabled, so if I understood correctly this isn't a problem with ACIs, right?

btw, I have the same problem when trying to bind with uid=admin,ou=system with ldappasswd.

Next question: If I got this right, the interceptor for Kerberos should generate a kerberos-key as soon as I manage to use ldappasswd to change my userPassword, right?

thanks in advance,
--
Martin Schuster
Infineon Technologies IT-Services GmbH
Tel: +43 5 1777 3517 <[EMAIL PROTECTED]>
Lakeside B05
9020 Klagenfurt, Austria
FB: LG Klagenfurt, FN 246787y
VISIT US AT http://www.infineon.com/austria
