On 23/12/2015 08:04, Rajagopal Rc wrote:
Hello,
I am trying to allow users to change their own passwords.
OS: RHEL7, OpenLDAP version 2.4.39-7.el7_1.x86_64
ACL in slapd.conf:

disallow bind_anon

access to attrs=userPassword
    by self write
    by dn.base="cn=mirrormode,dc=rnd,dc=com" read
    by dn.base="cn=binduser,dc=rnd,dc=com" read
    by * auth

access to *
    by dn.base="cn=mirrormode,dc=rnd,dc=com" read
    by dn.base="cn=binduser,dc=rnd,dc=com" read
    by * break

access to *
    by dn="cn=Manager,dc=rnd,dc=com"
    by users read
    by self write
    by * auth

From the client machine, 'user5' is trying to change their own password and gets the following error:

$ ldappasswd -H ldaps://ldapdev.rnd.com:636 -x -D "cn=user 5,ou=people,dc=rnd,dc=com" -W -A -S
Old password:
Re-enter old password:
New password:
Re-enter new password:
Enter LDAP Password:
Result: Insufficient access (50)
Additional info: User alteration of password is not allowed

This error looks like an issue with permissions, yet I have already allowed "access to attrs=userPassword by self write" in slapd.conf. Please let me know if there is anything wrong in the above ACL and why I am getting this error.

This may be linked to your configuration of the ppolicy overlay. Check the pwdAllowUserChange attribute of your policy entry; it should be set to TRUE.
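
The check suggested in the reply above, as an added example that is not part of the original thread: it picks the policy that applies to the user (a pwdPolicySubentry on the user entry overrides ppolicy_default) and tests pwdAllowUserChange on it. The function names, the default policy DN and the sample LDIF are constructed for illustration; in practice the LDIF comes from ldapsearch -LLL -o ldif-wrap=no, requesting pwdPolicySubentry by name because it is an operational attribute.

```shell
#!/bin/sh
# Added example (not from the thread). Function names, the default policy DN
# and the sample LDIF below are constructed for illustration.

# Print the first value of attribute $1 from unwrapped LDIF on stdin
# (as produced by: ldapsearch -LLL -o ldif-wrap=no ...).
ldif_attr() {
    awk -v a="$1" 'BEGIN { p = tolower(a) ": " }
        tolower(substr($0, 1, length(p))) == p { print substr($0, length(p) + 1); exit }'
}

# User-entry LDIF on stdin, default policy DN (ppolicy_default) in $1.
# A pwdPolicySubentry value on the user entry overrides the default.
effective_policy() {
    sub=$(ldif_attr pwdPolicySubentry)
    printf '%s\n' "${sub:-$1}"
}

# Policy-entry LDIF on stdin. Returns 1 only when pwdAllowUserChange is FALSE;
# ppolicy treats a missing attribute the same as TRUE.
user_change_allowed() {
    case "$(ldif_attr pwdAllowUserChange | tr 'a-z' 'A-Z')" in
        FALSE) return 1 ;;
        *) return 0 ;;
    esac
}

# Constructed sample data standing in for ldapsearch output.
DEFAULT_POLICY='cn=default,ou=policies,dc=example,dc=com'
USER_LDIF='dn: cn=user 5,ou=people,dc=rnd,dc=com
cn: user 5'
POLICY_LDIF="dn: $DEFAULT_POLICY
objectClass: pwdPolicy
pwdAttribute: userPassword
pwdAllowUserChange: FALSE"

policy=$(printf '%s\n' "$USER_LDIF" | effective_policy "$DEFAULT_POLICY")
if printf '%s\n' "$POLICY_LDIF" | user_change_allowed; then
    echo "$policy: users may change their own password"
else
    echo "$policy: pwdAllowUserChange is FALSE, self-service change is refused"
    # LDIF to pass to ldapmodify, bound as an identity that may write the policy entry.
    printf 'dn: %s\nchangetype: modify\nreplace: pwdAllowUserChange\npwdAllowUserChange: TRUE\n' "$policy"
fi
```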