Still fighting openldap
m.roth2006 at rcn.com
Tue Feb 19 18:01:21 UTC 2008
Following myself up...
>Date: Tue, 19 Feb 2008 12:12:13 -0500 (EST)
>From: <m.roth2006 at rcn.com>
>
>Ok. ACL:
> access: to attrs=shadowLastChange,userPassword
> by self write
> by anonymous auth
>
> access to *
> by * read
> by anonymous auth
>
>I left the shadowLastChange, hoping that it would fix at least one problem, but no joy: I can log onto other servers with my new password... but not into the ldap server - it still wants my old password, and I, as a user, am not in either /etc/password or /etc/shadow.
>
>Next problem: I've got another user trying to change their password, and they keep getting an insufficient access (50).
>
>Any clues? (Still 2.3.39, RHEL 4)
I've tried changing the first stanza to:
 access: to attrs=shadowLastChange,userPassword
   by * read
   by self write
   by anonymous auth
thinking that it had to have anon authority to read, in order to find the user/password, but that only changes the error to invalid credentials.
mark
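
An added example, not part of the original post: a simplified Python model of how slapd picks a `by` clause for the two stanzas quoted above (the first matching clause wins and evaluation stops). The function names, the sample DNs and the reduced level ordering are assumptions made for this illustration.

```python
# Simplified model of slapd ACL evaluation (an illustration, not OpenLDAP code).
# Assumptions: only the who-clauses self, anonymous and * are modelled, and
# access levels are ordered none < auth < compare < search < read < write.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]
PROTECTED = {"userPassword", "shadowLastChange"}

# First stanza from the post: self write, anonymous auth.
ORIGINAL = [
    (PROTECTED, [("self", "write"), ("anonymous", "auth")]),
    (None, [("*", "read"), ("anonymous", "auth")]),  # None stands for "to *"
]
# Modified stanza from the post: "by * read" placed first.
MODIFIED = [
    (PROTECTED, [("*", "read"), ("self", "write"), ("anonymous", "auth")]),
    (None, [("*", "read"), ("anonymous", "auth")]),
]

def who_matches(who, requester, owner):
    """requester is a DN string, or None for an anonymous (unbound) session."""
    if who == "*":
        return True
    if who == "anonymous":
        return requester is None
    if who == "self":
        return requester is not None and requester == owner
    return False

def effective_access(acl, attr, requester, owner):
    """The first matching 'to' wins; inside it the first matching 'by' wins."""
    for attrs, by_clauses in acl:
        if attrs is not None and attr not in attrs:
            continue
        for who, level in by_clauses:
            if who_matches(who, requester, owner):
                return level
        return "none"  # implicit "by * none" closing every access directive
    return "none"      # implicit default when no directive matches

def allows(level, needed):
    return LEVELS.index(level) >= LEVELS.index(needed)

if __name__ == "__main__":
    owner = "uid=alice,dc=example,dc=com"  # constructed sample DNs
    other = "uid=bob,dc=example,dc=com"
    for name, acl in (("original", ORIGINAL), ("modified", MODIFIED)):
        for label, req in (("self", owner), ("other user", other), ("anonymous", None)):
            print(name, label, effective_access(acl, "userPassword", req, owner))
```

In this model the modified ordering leaves the entry's owner with read rather than write on userPassword, and every other requester, anonymous included, can read the stored value.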
More information about the redhat-list mailing list