Hello,
I'll appreciate it if any of you are willing to take time and share with me your experience with OpenLDAP running on a RedHat server configured with group ACL.
I'm trying to grant a group of people (including myself) the permission to change user LDAP passwords. However, when I try to change a user's LDAP password, I receive the following message:
Result: Insufficient access (50)
The command that I used was:
ldappasswd -x -W -D "uid=l_luke,ou=Netgroup,dc=mydomain,dc=com" -S "uid=w_smith,ou=People,dc=mydomain,dc=com"
My ACL settings in the slapd.conf file are:
access to attr=userPassword
    by self write
    by anonymous auth
    by group.exact="cn=ITgroup,ou=Netgroup,dc=mydomain,dc=com" write
    by * none

access to *
    by self write
    by group.exact="cn=ITgroup,ou=Netgroup,dc=mydomain,dc=com" write
    by * read
My netgroup has been defined as the following:
dn: cn=ITgroup,ou=Netgroup,dc=mydomain,dc=com
objectClass: nisNetgroup
objectClass: top
cn: ITgroup
nisNetgroupTriple: (,l_luke,mydomain.com)
nisNetgroupTriple: (,w_smith,mydomain.com)
nisNetgroupTriple: (,g_baker,mydomain.com)
description: Password Keepers
My user entry is:
# l_luke, People mydomain.com
dn: uid=l_luke,ou=People,dc=mydomain,dc=com
uid: l_luke
cn: l_luke
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
shadowLastChange: 13958
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 10005
gidNumber: 10005
homeDirectory: /home/l_luke
gecos: Luke Lee
Can anyone point me in the right direction or share with me the correct group ACL settings that you have? Thanks!
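Added example, not part of the original post: a small Python check of whether a bind DN can be matched by a slapd `group` by-clause. It assumes the clause is used with its documented defaults (group objectClass `groupOfNames`, members listed as full DNs in `member`); the function names and the `groupOfNames` entry are hypothetical, and the LDIF is constructed from the entries in the post.

```python
# Added example. Assumption: group.exact=... is used with its defaults, so the
# group entry must be a groupOfNames listing members as full DNs in "member".

def parse_ldif_entry(text):
    """Parse one simple LDIF entry (no base64, no line folding) into a dict."""
    entry = {}
    for line in text.strip().splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry

def norm_dn(dn):
    """Crude DN normalisation: lower-case, strip spaces around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def group_acl_problems(group_ldif, bind_dn, objectclass="groupOfNames", attr="member"):
    """Return the reasons the group by-clause would not match bind_dn."""
    entry = parse_ldif_entry(group_ldif)
    problems = []
    classes = [c.lower() for c in entry.get("objectclass", [])]
    if objectclass.lower() not in classes:
        problems.append(f"group entry is not a {objectclass}")
    members = [norm_dn(m) for m in entry.get(attr.lower(), [])]
    if norm_dn(bind_dn) not in members:
        problems.append(f"{bind_dn} is not listed in {attr}")
    return problems

# Constructed from the post: the nisNetgroup entry (shortened to one triple).
NETGROUP = """
dn: cn=ITgroup,ou=Netgroup,dc=mydomain,dc=com
objectClass: nisNetgroup
objectClass: top
cn: ITgroup
nisNetgroupTriple: (,l_luke,mydomain.com)
"""
# Constructed: the same group expressed as groupOfNames with a member DN.
GROUP_OF_NAMES = """
dn: cn=ITgroup,ou=Netgroup,dc=mydomain,dc=com
objectClass: groupOfNames
cn: ITgroup
member: uid=l_luke,ou=People,dc=mydomain,dc=com
"""
if __name__ == "__main__":
    people = "uid=l_luke,ou=People,dc=mydomain,dc=com"
    print(group_acl_problems(NETGROUP, people))
    print(group_acl_problems(GROUP_OF_NAMES, people))
```

The check also flags a bind DN that differs from the listed member DN, such as one under `ou=Netgroup` when the user entry lives under `ou=People`.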