I know this is an old issue and I've searched on the net and tried those, but haven't had any luck. I'm using openldap 2.3.43.
In /etc/openldap/slapd.conf, I have set:
access to attrs=userPassword,shadowLastChange by self write by anonymous auth by * none
(Of course restarted the slapd), but no luck. Insufficient permissions.
The logs shows the account binding successfully, but then:
vm001 slapd[pid]: => access_allowed: backend default write access denied to "uid=james,ou=Users,o=dallas"
The complete logs are below. As a test I even tried giving global write access to the password, but it still doesn't work. (The only one who is able to change a users password is the Directory administrator)
General log: ------------ vm001 slapd[pid]: conn=2 fd=17 ACCEPT from IP=127.0.0.1:36479 (IP=0.0.0.0:389) vm001 slapd[pid]: conn=2 op=0 BIND dn="uid=james,ou=users,o=masprt" method=128 vm001 slapd[pid]: conn=2 op=0 BIND dn="uid=james,ou=users,o=masprt" mech=SIMPLE ssf=0 vm001 slapd[pid]: conn=2 op=0 RESULT tag=97 err=0 text= vm001 slapd[pid]: conn=2 op=1 PASSMOD id="uid=james,ou=users,o=masprt" new vm001 slapd[pid]: conn=2 op=2 UNBIND vm001 slapd[pid]: conn=2 op=1 RESULT oid= err=50 text= vm001 slapd[pid]: conn=2 fd=17 closed
With Debuging with ACL Listing: --------------------------------
vm001 slapd[pid]: conn=5 fd=16 ACCEPT from IP=127.0.0.1:47612 (IP=0.0.0.0:389) vm001 slapd[pid]: conn=5 op=0 BIND dn="uid=james,ou=users,o=masprt" method=128 vm001 slapd[pid]: => access_allowed: auth access to "uid=james,ou=Users,o=masprt" "userPassword" requested vm001 slapd[pid]: => access_allowed: backend default auth access granted to "(anonymous)" vm001 slapd[pid]: conn=5 op=0 BIND dn="uid=james,ou=Users,o=masprt" mech=SIMPLE ssf=0 vm001 slapd[pid]: conn=5 op=0 RESULT tag=97 err=0 text= vm001 slapd[pid]: conn=5 op=1 PASSMOD id="uid=james,ou=users,o=masprt" new vm001 slapd[pid]: => access_allowed: backend default write access denied to "uid=james,ou=Users,o=masprt" vm001 slapd[pid]: conn=5 op=1 RESULT oid= err=50 text= vm001 slapd[pid]: conn=5 op=2 UNBIND vm001 slapd[pid]: conn=5 fd=16 closed
Any help or idea would be appreciated.
thanks, James