Hi
here is my command
ldappasswd -h localhost -D "mail=edergi@.....mail.......edu.tr ,ou=SOME_UNIT,jvd=.....mail........edu.tr,o=hosting,dc=myhosting,dc=example" -w 123456 -a 123456 -s somepassowrd Result: Insufficient access (50)
AND debug output
(by the way how can i sure my regex match my entry, are the usefull regex tool for check this.) i chenged my regex with dn.regex=".*,jvd=([^,]+),o=hosting,dc=myhosting,dc=example"
thanks
----------------------------------------------------------------------------------------------------------------------------- conn=1000 op=1 PASSMOD old new bdb_dn2entry("mail=edergi@.......mail.........edu.tr ,ou=SOME_UNIT,jvd=.......mail.........edu.tr ,o=hosting,dc=myhosting,dc=example") => bdb_entry_get: ndn: "mail=edergi@.......mail.........edu.tr ,ou=SOME_UNIT,jvd=.......mail.........edu.tr ,o=hosting,dc=myhosting,dc=example" => bdb_entry_get: oc: "(null)", at: "userPassword" bdb_dn2entry("mail=edergi@.......mail.........edu.tr ,ou=SOME_UNIT,jvd=.......mail.........edu.tr ,o=hosting,dc=myhosting,dc=example") => bdb_entry_get: found entry: "mail=edergi@.......mail.........edu.tr ,ou=SOME_UNIT,jvd=.......mail.........edu.tr ,o=hosting,dc=myhosting,dc=example" bdb_entry_get: rc=0 => access_allowed: result not in cache (userPassword) => access_allowed: auth access to "mail=edergi@.......mail.........edu.tr ,ou=SOME_UNIT,jvd=.......mail.........edu.tr,o=hosting,dc=myhosting,dc=example" "userPassword" requested => slap_access_allowed: backend default auth access granted to "mail=edergi@ .......mail.........edu.tr,ou=SOME_UNIT,jvd=.......mail.........edu.tr ,o=hosting,dc=myhosting,dc=example" => access_allowed: auth access granted by read(=rscxd) => bdb_entry_get: ndn: "mail=edergi@.......mail.........edu.tr ,ou=SOME_UNIT,jvd=.......mail.........edu.tr ,o=hosting,dc=myhosting,dc=example" => bdb_entry_get: oc: "(null)", at: "(null)" bdb_dn2entry("mail=edergi@.......mail.........edu.tr ,ou=SOME_UNIT,jvd=.......mail.........edu.tr ,o=hosting,dc=myhosting,dc=example") => bdb_entry_get: found entry: "mail=edergi@.......mail.........edu.tr ,ou=SOME_UNIT,jvd=.......mail.........edu.tr ,o=hosting,dc=myhosting,dc=example" bdb_entry_get: rc=0 => bdb_entry_get: ndn: "cn=default,ou=policies,dc=myhosting,dc=example" => bdb_entry_get: oc: "(null)", at: "(null)" bdb_dn2entry("cn=default,ou=policies,dc=myhosting,dc=example") => bdb_entry_get: found entry: "cn=default,ou=policies,dc=myhosting,dc=example" bdb_entry_get: rc=0 bdb_modify: mail=edergi@.......mail.........edu.tr ,ou=SOME_UNIT,jvd=.......mail.........edu.tr ,o=hosting,dc=myhosting,dc=example slap_queue_csn: queing 0x7f31f34201d0 20111220095453.284620Z#000000#000#000000 bdb_dn2entry("mail=edergi@.......mail.........edu.tr ,ou=SOME_UNIT,jvd=.......mail.........edu.tr ,o=hosting,dc=myhosting,dc=example") bdb_modify_internal: 0x00000015: mail=edergi@.......mail.........edu.tr ,ou=SOME_UNIT,jvd=.......mail.........edu.tr ,o=hosting,dc=myhosting,dc=example => access_allowed: backend default write access denied to "mail=edergi@ .......mail.........edu.tr,ou=SOME_UNIT,jvd=.......mail.........edu.tr ,o=hosting,dc=myhosting,dc=example" bdb_modify: modify failed (50) send_ldap_result: conn=1000 op=1 p=3 ------------------------------------------------------------END ---------------------------------
On Tue, Dec 20, 2011 at 11:34 AM, Buchan Milne bgmilne@staff.telkomsa.netwrote:
On Tuesday, 20 December 2011 10:55:12 Selcuk Yazar wrote:
Hi,
I want to ldap users to change their password.
sample user dn is mail=edergi@.....mail......edu.tr<
http://193.255.140.119/phpldapadmin/htdoc
s/cmd.php?cmd=template_engine&server_id=1&dn=mail%3Dedergi%40trakyamail.tra
kya.edu.tr%2Cou%3DKURUMSAL_SISTEMSEL%2Cjvd%3Dtrakyamail.trakya.edu.tr
%2Co%3
Dhosting%2Cdc%3Dmyhosting%2Cdc%3Dexample> ,ou=<
http://193.255.140.119/phpldapadmin/htdocs/cmd.php?cmd=template_engin
e&server_id=1&dn=ou%3DKURUMSAL_SISTEMSEL%2Cjvd%
3Dtrakyamail.trakya.edu.tr%2
Co%3Dhosting%2Cdc%3Dmyhosting%2Cdc%3Dexample> SOME_UNIT,jvd=.....mail.......edu.tr<
http://193.255.140.119/phpldapadmin/h
tdocs/cmd.php?cmd=template_engine&server_id=1&dn=jvd%3Dtrakyamail.trakya.ed
u.tr%2Co%3Dhosting%2Cdc%3Dmyhosting%2Cdc%3Dexample> ,o=hosting<
http://193.255.140.119/phpldapadmin/htdocs/cmd.php?cmd=template
_engine&server_id=1&dn=o%3Dhosting%2Cdc%3Dmyhosting%2Cdc%3Dexample>
and we have acl rules in slapd.conf
access to
dn.regex=".*,ou=.*,jvd=([^,]+),o=hosting,dc=myhosting,dc=example"
attrs=userPassword by self write bygroup/jammPostmaster/roleOccupant.expand="cn=postmaster,jvd=$1,o=hosting,dc
=myhosting,dc=example" write by * auth by * none
access to dn.regex=".*jvd=([^,]+),o=hosting,dc=myhosting,dc=example" by self write by
group/jammPostmaster/roleOccupant.expand="cn=postmaster,jvd=$1,o=hosting,dc
=myhosting,dc=example" write by * read
access to * by * read
i apply various rules from openldap documentation, but no one works.
It is not clear whether your 'sample user dn' matches the regex in your first rule.
Why don't you provide a password changing attempt, done with 'ldappasswd', showing the full commandline, and all output.
why users can't chage their password ?
If you had provided the error code, we could have been relatively sure, but I will guess they don't have sufficient access because your regex isn't matching.
Regards, Buchan