Hello,
I am trying to allow users to change
their own passwords
OS
RHEL7
Openldap
version 2.4.39-7.el7_1.x86_64
ACL in slapd.conf
disallow
bind_anon
access to attrs=userPassword
by self
write
by dn.base="cn=mirrormode,dc=rnd,dc=com"
read
by dn.base="cn=binduser,dc=rnd,dc=com"
read
by * auth
access to *
by dn.base="cn=mirrormode,dc=rnd,dc=com"
read
by dn.base="cn=binduser,dc=rnd,dc=com"
read
by * break
access to *
by dn="cn=Manager,dc=rnd,dc=com"
by users
read
by self write
by * auth
from client machine 'user5' is trying
to change own password and getting following error
$ ldappasswd -H ldaps://ldapdev.rnd.com:636
-x -D "cn=user 5,ou=people,dc=rnd,dc=com" -W -A -S
Old password:
Re-enter old password:
New password:
Re-enter new password:
Enter LDAP Password:
Result: Insufficient access (50)
Additional info: User alteration of
password is not allowed
This error looks like issue with permissions,
yet i have already allowed access to attrs=userPassword by self write
in slapd.conf, please let me know if there is any thing wrong in above
ACL and why i am getting this error
Thanks & Regards
Raj=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain
confidential or privileged information. If you are
not the intended recipient, any dissemination, use,
review, distribution, printing or copying of the
information contained in this e-mail message
and/or attachments to it are strictly prohibited. If
you have received this communication in error,
please notify us by reply e-mail or telephone and
immediately and permanently delete the message
and any attachments. Thank you