Hey, have you taken a look at your syslog messages and enabled logging in your slapd config?
bye.
On Thu, Dec 2, 2010 at 15:26, Holger Schier hschier@mathematik.uni-mainz.de wrote:
Hi guys,
my ldapserver works fine now, but the first users are arriving. The normal user should change their own password. So, everyone thinks of passwd in the shell.
But:
LDAP password information update failed: Insufficient access
Must supply old password to be changed as well as new one
Here is my ACL:
olcAccess: {0} to attrs=pwdChangedTime,pwdAccountLockedTime,pwdFailureTime,pwdHistory,pwdGraceUseTime,pwdReset by * none
olcAccess: {1}to attrs=userPassword by self write by * auth
olcAccess: {2}to attrs=shadowLastChange by self write by dn.base="cn=BINDUSER,dc=MY,dc=DC" read by users read by * auth
olcAccess: {3}to attrs=userPKCS12 by self read by * none
olcAccess: {4}to * by dn.base="cn=BINDUSER,dc=MY,dc=DC" read by * none
I tried the same with olcAccess: {4}to * by * read
and allowing anonymous binds, but same error. passwd seems to try to bind with the binduser and then to read and to write the userPassword, but only has auth access.
Has anyone an idea how to enable this?
Thanks a lot. Holger
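
Added example, not part of the original thread: a simplified Python model of how slapd picks an access level from the ACL posted above (first matching "to" clause, then first matching "by" clause, with an implicit trailing "by * none"). The user DN uid=alice,ou=People,dc=MY,dc=DC is a constructed sample, and DN comparison is reduced to a case-insensitive string match.

```python
import re

# Access levels in increasing order of privilege, as in slapd.access(5).
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

# The ACL as posted in the message above ({n} index prefixes dropped).
ACL = [
    "to attrs=pwdChangedTime,pwdAccountLockedTime,pwdFailureTime,pwdHistory,pwdGraceUseTime,pwdReset by * none",
    "to attrs=userPassword by self write by * auth",
    'to attrs=shadowLastChange by self write by dn.base="cn=BINDUSER,dc=MY,dc=DC" read by users read by * auth',
    "to attrs=userPKCS12 by self read by * none",
    'to * by dn.base="cn=BINDUSER,dc=MY,dc=DC" read by * none',
]
ALICE = "uid=alice,ou=People,dc=MY,dc=DC"  # constructed sample user DN
BINDUSER = "cn=BINDUSER,dc=MY,dc=DC"       # placeholder DN from the post

def parse(rule):
    """Split one rule into (attribute set, or None for '*', and [(who, level), ...])."""
    what, *by = re.split(r"\s+by\s+", rule.strip())
    target = what.split(None, 1)[1]
    attrs = None if target == "*" else {a.lower() for a in target[len("attrs="):].split(",")}
    return attrs, [tuple(clause.rsplit(None, 1)) for clause in by]

def who_matches(who, bind_dn, entry_dn):
    """bind_dn is None for an anonymous (unauthenticated) connection."""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if who == "users":
        return bind_dn is not None
    if who == "self":
        return bind_dn is not None and bind_dn.lower() == entry_dn.lower()
    m = re.fullmatch(r'dn\.base="(.+)"', who)
    return bool(m) and bind_dn is not None and m.group(1).lower() == bind_dn.lower()

def access(bind_dn, entry_dn, attr, acl=ACL):
    """Level granted to bind_dn on entry_dn's attr: first 'to' match, then first 'by' match."""
    for attrs, clauses in map(parse, acl):
        if attrs is not None and attr.lower() not in attrs:
            continue
        for who, level in clauses:
            if who_matches(who, bind_dn, entry_dn):
                return level
        return "none"  # implicit trailing "by * none" on every rule
    return "none"      # no rule matched: implicit final deny

def allows(granted, needed):
    return LEVELS.index(granted) >= LEVELS.index(needed)
```

Calling access(BINDUSER, ALICE, "userPassword") shows what a connection bound as the bind user gets on another user's password, and access(ALICE, ALICE, "userPassword") shows what the user gets when bound as themselves.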