Hello,
I am getting the following error: "LDAP password information update failed: Insufficient access Operations are restricted to bind/unbind/abandon/StartTLS/modify password"
when I try to add pwdReset on users.
LDAP: 2.4.9
SLAPD ACL: http://pastebin.com/m45ad1781
Thanks, grexk
Hi,
greek ordono grexk@yahoo.com writes:
> Hello,
> I am getting the following error: "LDAP password information update failed: Insufficient access Operations are restricted to bind/unbind/abandon/StartTLS/modify password"
> when I try to add pwdReset on users.
Run slapd -d acl
-Dieter
I'm getting this error:
=> access_allowed: read access to "uid=techsupport,ou=Users,dc=moldex,dc=group" "userPassword" requested
=> acl_get: [1] attr userPassword
=> slap_access_allowed: result not in cache (userPassword)
=> acl_mask: access to entry "uid=techsupport,ou=Users,dc=moldex,dc=group", attr "userPassword" requested
=> acl_mask: to value by "", (=0)
<= check a_dn_pat: cn=replicator,ou=dsa,dc=moldex,dc=group
<= check a_dn_pat: *
<= acl_mask: [2] applying +0 (break)
<= acl_mask: [2] mask: =0
=> acl_get: [2] attr userPassword
=> slap_access_allowed: result not in cache (userPassword)
=> acl_mask: access to entry "uid=techsupport,ou=Users,dc=moldex,dc=group", attr "userPassword" requested
=> acl_mask: to value by "", (=0)
<= check a_dn_pat: cn=samba,ou=dsa,dc=moldex,dc=group
<= check a_dn_pat: cn=nssldap,ou=dsa,dc=moldex,dc=group
<= check a_dn_pat: cn=squid,ou=dsa,dc=moldex,dc=group
<= check a_dn_pat: self
<= check a_dn_pat: anonymous
<= acl_mask: [5] applying auth(=xd) (stop)
<= acl_mask: [5] mask: auth(=xd)
=> slap_access_allowed: read access denied by auth(=xd)
=> access_allowed: no more rules
send_search_entry: conn 9 access to attribute userPassword, value #0 not allowed
--- On Sat, 7/26/08, Dieter Kluenter dieter@dkluenter.de wrote:
From: Dieter Kluenter dieter@dkluenter.de
Subject: Re: ppolicy pwdReset
To: openldap-software@openldap.org
Date: Saturday, July 26, 2008, 3:06 PM
> Hi,
> greek ordono grexk@yahoo.com writes:
>> Hello,
>> I am getting the following error: "LDAP password information update failed: Insufficient access Operations are restricted to bind/unbind/abandon/StartTLS/modify password"
>> when I try to add pwdReset on users.
> Run slapd -d acl
> -Dieter
greek ordono grexk@yahoo.com writes:
> I'm getting this error:
> => access_allowed: read access to "uid=techsupport,ou=Users,dc=moldex,dc=group" "userPassword" requested
> => acl_get: [1] attr userPassword
> => slap_access_allowed: result not in cache (userPassword)
> => acl_mask: access to entry "uid=techsupport,ou=Users,dc=moldex,dc=group", attr "userPassword" requested
> => acl_mask: to value by "", (=0)
> <= check a_dn_pat: cn=replicator,ou=dsa,dc=moldex,dc=group
> <= check a_dn_pat: *
> <= acl_mask: [2] applying +0 (break)
> <= acl_mask: [2] mask: =0
> => acl_get: [2] attr userPassword
> => slap_access_allowed: result not in cache (userPassword)
> => acl_mask: access to entry "uid=techsupport,ou=Users,dc=moldex,dc=group", attr "userPassword" requested
> => acl_mask: to value by "", (=0)
> <= check a_dn_pat: cn=samba,ou=dsa,dc=moldex,dc=group
> <= check a_dn_pat: cn=nssldap,ou=dsa,dc=moldex,dc=group
> <= check a_dn_pat: cn=squid,ou=dsa,dc=moldex,dc=group
> <= check a_dn_pat: self
> <= check a_dn_pat: anonymous
> <= acl_mask: [5] applying auth(=xd) (stop)
> <= acl_mask: [5] mask: auth(=xd)
> => slap_access_allowed: read access denied by auth(=xd)
> => access_allowed: no more rules
> send_search_entry: conn 9 access to attribute userPassword, value #0 not allowed
For this search your rule no. 5 is applicable, and this rule disallows read access to attribute userPassword. Change your access rules accordingly.
-Dieter
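
Added example (not part of the original posts, and not OpenLDAP code): a short Python parser for slapd -d acl output such as the trace above. For each access check it reports the requester DN and, for every clause that applied, the acl_get index, the index printed on the "applying" line, the last a_dn_pat tested, the mask and the control keyword. The function name explain and the dictionary keys are this example's own.

```python
import re

# Sample input: the thread's trace, one statement per line, trimmed to the lines parsed here.
TRACE = '''\
=> access_allowed: read access to "uid=techsupport,ou=Users,dc=moldex,dc=group" "userPassword" requested
=> acl_get: [1] attr userPassword
=> acl_mask: to value by "", (=0)
<= check a_dn_pat: cn=replicator,ou=dsa,dc=moldex,dc=group
<= check a_dn_pat: *
<= acl_mask: [2] applying +0 (break)
=> acl_get: [2] attr userPassword
=> acl_mask: to value by "", (=0)
<= check a_dn_pat: cn=samba,ou=dsa,dc=moldex,dc=group
<= check a_dn_pat: cn=nssldap,ou=dsa,dc=moldex,dc=group
<= check a_dn_pat: cn=squid,ou=dsa,dc=moldex,dc=group
<= check a_dn_pat: self
<= check a_dn_pat: anonymous
<= acl_mask: [5] applying auth(=xd) (stop)
=> slap_access_allowed: read access denied by auth(=xd)
'''

REQ = re.compile(r'=> access_allowed: (\w+) access to "([^"]*)" "([^"]*)" requested')
GET = re.compile(r'acl_get: \[(\d+)\] attr (\S+)')
BY = re.compile(r'acl_mask: to .+? by "([^"]*)"')
PAT = re.compile(r'check a_dn_pat: (.+)')
APPLY = re.compile(r'acl_mask: \[(\d+)\] applying (\S+) \((\w+)\)')
RESULT = re.compile(r'slap_access_allowed: \w+ access (granted|denied) by')

def explain(trace):
    """Return one dict per access check: what was asked and which clauses applied."""
    checks, cur, acl, who = [], None, None, None
    for line in trace.splitlines():
        if m := REQ.search(line):
            cur = {"level": m[1], "entry": m[2], "attr": m[3], "steps": []}
            checks.append(cur)
        elif cur is None:
            continue                      # ignore anything before the first request
        elif m := GET.search(line):
            acl, who = int(m[1]), None    # a new ACL is being evaluated
        elif m := BY.search(line):
            cur["requester"] = m[1] or "(anonymous)"   # empty bound DN
        elif m := PAT.search(line):
            who = m[1].strip()            # last a_dn_pat tested before a clause applies
        elif m := APPLY.search(line):
            cur["steps"].append({"acl": acl, "clause": int(m[1]), "who": who,
                                 "mask": m[2], "control": m[3]})
        elif m := RESULT.search(line):
            cur["result"] = m[1]
    return checks
```

On this trace the last step is the one printed as [5] under acl_get [2]: the requester DN is empty, the anonymous pattern is the last one tested, and auth(=xd) stops evaluation without granting read.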
On Saturday 26 July 2008 07:52:16 greek ordono wrote:
> Hello,
> I am getting the following error: "LDAP password information update failed: Insufficient access Operations are restricted to bind/unbind/abandon/StartTLS/modify password"
> when I try to add pwdReset on users.
> LDAP: 2.4.9
> SLAPD ACL: http://pastebin.com/m45ad1781
You only later mentioned that you were using smbk5pwd. Since you are, please look at ITS #5569. You should upgrade to 2.4.11. In the changelog for 2.4.11, you will find:
Fixed slapo-ppolicy modify with internal ops (ITS#5569)
Regards, Buchan
Thank you very much, it's working now.
--- On Mon, 7/28/08, Buchan Milne bgmilne@staff.telkomsa.net wrote:
From: Buchan Milne bgmilne@staff.telkomsa.net
Subject: Re: ppolicy pwdReset
To: openldap-software@openldap.org, grexk@yahoo.com
Date: Monday, July 28, 2008, 7:53 PM
> On Saturday 26 July 2008 07:52:16 greek ordono wrote:
>> Hello,
>> I am getting the following error: "LDAP password information update failed: Insufficient access Operations are restricted to bind/unbind/abandon/StartTLS/modify password"
>> when I try to add pwdReset on users.
>> LDAP: 2.4.9
>> SLAPD ACL: http://pastebin.com/m45ad1781
> You only later mentioned that you were using smbk5pwd. Since you are, please look at ITS #5569. You should upgrade to 2.4.11. In the changelog for 2.4.11, you will find:
> Fixed slapo-ppolicy modify with internal ops (ITS#5569)
> Regards, Buchan