slapd configuration problem
Aleksandar Milivojevic
amilivojevic at pbl.ca
Tue Dec 21 14:30:35 UTC 2004
Gianluca Sforna wrote:
> Basically, I am at a point where users can login properly, but they
> can not change their password. Some info for troubleshooting:
> -bash-3.00$ passwd
> Changing password for user test.
> Enter login(LDAP) password:
> New UNIX password:
> Retype new UNIX password:
> LDAP password information update failed: Can't contact LDAP server
>
> passwd: Permission denied
>
> and in the client log I have:
> passwd[29686]: pam_ldap: ldap_modify_s Insufficient access
> my actual slapd.conf access section:
> access to * by * read
>
> access to attr=userPassword
> by anonymous auth
> by self write
> by * none
In the order they are, these two rules have the effect "access to everything
by anybody is read-only".
You need to reverse the order of these two rules. Slapd stops parsing
access rules as soon as it finds the first match. What you want is:
access to attr=userPassword ...
access to * ...
--
Aleksandar Milivojevic <amilivojevic at pbl.ca> Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
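
An added example, not part of the original message: a small Python model of the first-match evaluation described in the reply, run over the two rule orders from the thread. The rule representation and the function names are assumptions made for illustration, and the model covers only the `*` / `attr=` targets and the `anonymous` / `self` / `*` subjects that appear here.

```python
# Simplified model of slapd.conf access evaluation (illustrative, not OpenLDAP code).
# slapd uses the first "access to <what>" directive that matches the target,
# then the first "by <who>" clause inside it that matches the requester.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

# Rule order as posted in the question: the catch-all comes first.
POSTED = [
    ("*", [("*", "read")]),
    ("attr=userPassword", [("anonymous", "auth"), ("self", "write"), ("*", "none")]),
]
# Order recommended in the reply: the specific rule comes first.
REORDERED = [POSTED[1], POSTED[0]]


def what_matches(what, attr):
    return what == "*" or what == "attr=" + attr


def who_matches(who, requester):
    # requester is "anonymous", "self" (bound as the entry itself) or "other"
    return who == "*" or who == requester


def granted(rules, attr, requester):
    """Return the access level the first matching directive grants."""
    for what, by_clauses in rules:
        if not what_matches(what, attr):
            continue
        for who, level in by_clauses:
            if who_matches(who, requester):
                return level
        return "none"  # implicit "by * none" closes every directive
    return "none"  # no directive matched the target


def allows(rules, attr, requester, wanted):
    return LEVELS.index(granted(rules, attr, requester)) >= LEVELS.index(wanted)


if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("reordered", REORDERED)):
        for requester in ("anonymous", "self", "other"):
            level = granted(rules, "userPassword", requester)
            print(f"{name:9} userPassword by {requester:9} -> {level}")
```

In the posted order the model gives every requester, anonymous included, read access to userPassword and never reaches the `by self write` clause, which matches the "Insufficient access" error in the client log.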