Hi, guys
I can't change user password via simple authentication at ldap client.
I have set acl rule in slapd.conf.
access to attr=userPassword
    by self write
    by anonymous auth
    by dn.base="cn=Manager,dc=abc,dc=com" write
    by * none
access to *
    by self write
    by dn.base="cn=Manager,dc=abc,dc=com" write
    by * read
ldappasswd -x -D "uid=bobliu,ou=it,dc=abc,dc=com" -W -S
New password:
Re-enter new password:
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
But I can use ldapsearch via simple authentication.
What is the problem? Thanks.
On 04/09/15 12:59 +0800, rockwang wrote:
> Hi, guys
> I can't change user password via simple authentication at ldap
> client.
> I have set acl rule in slapd.conf.
> access to attr=userPassword
>     by self write
>     by anonymous auth
>     by dn.base="cn=Manager,dc=abc,dc=com" write
>     by * none
> access to *
>     by self write
>     by dn.base="cn=Manager,dc=abc,dc=com" write
>     by * read
> ldappasswd -x -D "uid=bobliu,ou=it,dc=abc,dc=com" -W -S
> New password:
> Re-enter new password:
> Enter LDAP Password:
> ldap_bind: Invalid credentials (49)
> But I can use ldapsearch via simple authentication.
> What is the problem? Thanks.

Are you positive that you are successfully authenticating with ldapsearch? Your 'by * read' for 'access to *' would allow anonymous users read access to everything except the userPassword entry. See chapter 8 in the OpenLDAP Admin Guide for a saner example.
Use debugging/logging to troubleshoot. See slapd(8), and slapd.conf(5).
openldap-technical@openldap.org
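
The effect of the posted rules on an unauthenticated session can be checked with a small model of slapd's first-match ACL evaluation. This is an added example, not part of the thread and not OpenLDAP code; the function names are hypothetical, only the `<what>`/`<who>` forms used in the post are modelled, and DNs are compared case-insensitively as a simplification.

```python
# Simplified model of slapd ACL evaluation (assumption: only attribute-name
# <what> and the self / anonymous / dn.base / * <who> forms are supported).
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

# The rules from the post, expressed as data (constructed for this example).
MANAGER = "cn=Manager,dc=abc,dc=com"
ACL = [
    ("userPassword", [("self", "write"), ("anonymous", "auth"),
                      ("dn.base=" + MANAGER, "write"), ("*", "none")]),
    ("*",            [("self", "write"), ("dn.base=" + MANAGER, "write"),
                      ("*", "read")]),
]

def who_matches(who, bound_dn, entry_dn):
    """bound_dn is None for an anonymous (unauthenticated) session."""
    if who == "*":
        return True
    if who == "anonymous":
        return bound_dn is None
    if who == "self":
        return bound_dn is not None and bound_dn.lower() == entry_dn.lower()
    if who.startswith("dn.base="):
        return bound_dn is not None and bound_dn.lower() == who[8:].lower()
    raise ValueError("unsupported <who>: " + who)

def granted(acl, bound_dn, entry_dn, attr):
    """First matching <what> wins, then the first matching <who> inside it."""
    for what, clauses in acl:
        if what == "*" or what.lower() == attr.lower():
            for who, level in clauses:
                if who_matches(who, bound_dn, entry_dn):
                    return level
            return "none"  # implicit "by * none" ends every clause list
    return "none"          # no rule matched: access is denied

def allows(acl, bound_dn, entry_dn, attr, wanted):
    """True if the granted level is at least the wanted level."""
    have = granted(acl, bound_dn, entry_dn, attr)
    return LEVELS.index(have) >= LEVELS.index(wanted)

if __name__ == "__main__":
    bob = "uid=bobliu,ou=it,dc=abc,dc=com"
    for label, dn in (("anonymous", None), ("bobliu", bob)):
        for attr in ("cn", "userPassword"):
            print(label, attr, granted(ACL, dn, bob, attr))
```

Under these rules an anonymous session gets `read` on every attribute other than userPassword, so search results alone do not show that a bind succeeded.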