On Tue, April 12, 2016 13:55, David Magda wrote: [...]
I'm guessing I may need to set idassert-authzFrom (olc equiv?) to something. Is this correct? If so, should it be restricted to ou=People? If not, what am I missing?
I added the following on the slave:
olcDbIDAssertAuthzFrom: {0}"dn:*"
Still got the same error from the master:
Apr 19 13:06:56 ops slapd[4632]: conn=15 fd=32 ACCEPT from IP=sl.av.ee.ee:38813 (IP=0.0.0.0:389) Apr 19 13:06:56 ops slapd[4632]: conn=15 op=0 BIND dn="" method=128 Apr 19 13:06:56 ops slapd[4632]: conn=15 op=0 RESULT tag=97 err=0 text= Apr 19 13:06:56 ops slapd[4632]: conn=15 op=1 EXT oid=1.3.6.1.4.1.4203.1.11.1 Apr 19 13:06:56 ops slapd[4632]: conn=15 op=1 PASSMOD Apr 19 13:06:56 ops slapd[4632]: conn=15 op=1 RESULT oid= err=8 text=only authenticated users may change passwords Apr 19 13:06:56 ops slapd[4632]: conn=15 op=2 UNBIND Apr 19 13:06:56 ops slapd[4632]: conn=15 fd=32 closed