Hi Dan, thanks for your answer. I am still a little confused about it. I ran the following command:

/opt/openldap/bin/ldappasswd -x -D "uid=bobliu,ou=it,dc=abc,dc=com" -W -S
New password:
Re-enter new password:
Enter LDAP Password:
Result: Insufficient access (50)

When I run ldapsearch, it is OK.
/opt/openldap/bin/ldapsearch -x -D "uid=bobliu,ou=it,dc=abc,dc=com" -W
# bobliu, it, abc.com
dn: uid=bobliu,ou=it,dc=abc,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: bobliu
sn: fei
givenName: bobliu
cn: bobliu
displayName: bobliu
uidNumber: 10010
gidNumber: 10010
loginShell: /bin/bash
homeDirectory: /home/bobliu
mail: bobliu@abc.com
userPassword:: e3NzaGF9c1RLZW5oL2kxdmlocGw1NG55dUQybHA4ZldSM3o5RzIwdGZwSnc9PQ==

Any advice? Thanks.

On 04/02/2015 01:40 AM, Dan White wrote:
On 03/31/15 17:47 +0800, rockwang wrote:
access to attrs=userPassword
    by self write
    by anonymous auth
    by dn.base="cn=Manager,dc=abc,dc=com"
    by * none

access to *
    by self write
    by dn.base="cn=Manager,dc=abc,dc=com"
    by * read
    by * none

My question is that the user can't change his own password. I use the following command and I get a different result.

[image]

When -x is not added:

[image]

Consult the manpage for ldappasswd. In the first case (simple bind) you did not provide a binddn (-D). In the second case, you directed ldappasswd to perform a SASL bind but did not correctly provide an authentication identity, and the SASL mechanism negotiated could not derive one.
Hint: if using a simple bind, specify a full DN (with -D), and not a uid.
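
The two cases and the hint in the quoted reply, as an added example that is not part of the original thread: a POSIX shell function, hypothetically named classify_bind, that reads an ldappasswd argument list and reports which kind of bind it requests. The result labels and the sample argument lists are constructed for this example; the option letters are the ones documented in ldappasswd(1).

```shell
#!/bin/sh
# Added example (not from the thread): report how an ldappasswd
# invocation will bind, based only on its command-line options.
# classify_bind and its result labels are hypothetical names.
classify_bind() {
    OPTIND=1            # reset so the function can be called repeatedly
    simple=no
    binddn=""
    authcid=""
    # Option string covers the ldappasswd(1) flags so option values
    # (for example the argument of -H) are not mistaken for flags.
    while getopts ":a:As:St:T:d:D:e:h:H:InNO:o:p:QR:U:vVw:WxX:y:Y:Z" opt; do
        case "$opt" in
            x) simple=yes ;;          # -x: simple bind instead of SASL
            D) binddn=$OPTARG ;;      # -D: bind DN for a simple bind
            U) authcid=$OPTARG ;;     # -U: SASL authentication identity
            *) ;;                     # other flags do not change the identity
        esac
    done

    if [ "$simple" = yes ]; then
        if [ -z "$binddn" ]; then
            echo "simple-anonymous"       # -x without -D: no identity sent
        else
            case "$binddn" in
                *=*) echo "simple-dn" ;;        # looks like attr=value,...
                *)   echo "simple-not-a-dn" ;;  # bare uid, not a full DN
            esac
        fi
    elif [ -n "$authcid" ]; then
        echo "sasl-authcid"               # SASL bind with explicit -U
    else
        # No -x and no -U: the negotiated SASL mechanism has to
        # derive the identity on its own, or the bind has none.
        echo "sasl-identity-from-mechanism"
    fi
}

# Constructed sample invocations (argument lists only, nothing is executed):
classify_bind -x -W -S
classify_bind -W -S
classify_bind -x -D "uid=bobliu,ou=it,dc=abc,dc=com" -W -S
```

Only the third sample is a simple bind with a full DN, which is the form the hint asks for.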