my setup:
389-ds server, Centos6
Various clients - Centos5/6, Fedora, Debian
For some reason users can no longer change their passwords. They log
in via ssh, run "passwd", but then it says:
Password change failed. Server message: Insufficient access rights
In the server I can see:
[06/Jun/2016:14:30:14 +0300] conn=1750620 fd=182 slot=182 SSL
connection from 172.16.18.52 to 172.16.18.254
[06/Jun/2016:14:30:14 +0300] conn=1750620 TLS1.2 256-bit AES
[06/Jun/2016:14:30:14 +0300] conn=1750620 op=0 BIND
dn="uid=username,ou=People,dc=dom,dc=com" method=128 version=3
[06/Jun/2016:14:30:14 +0300] conn=1750620 op=0 RESULT err=0 tag=97
nentries=0 etime=0.007000 dn="uid=username,ou=people,dc=dom,dc=com"
[06/Jun/2016:14:30:14 +0300] conn=1750620 op=1 EXT
oid="1.3.6.1.4.1.4203.1.11.1" name="passwd_modify_extop"
[06/Jun/2016:14:30:14 +0300] conn=1750620 op=1 RESULT err=50 tag=120
nentries=0 etime=0.001000
[06/Jun/2016:14:30:14 +0300] conn=1750620 op=2 UNBIND
[06/Jun/2016:14:30:14 +0300] conn=1750620 op=2 fd=182 closed - U1
I have "passwordChange: on" in the DS configuration? I have also
checked the ACI for self-entry modifications and the users have the
rights:
(targetattr = "userPassword || telephoneNumber || facsimileTelephoneNumber")
(version 3.0;
acl "Allow self entry modification";
allow (write)
(userdn = "ldap:///self")
;)
What am I missing here?
Thanks
--
389-users mailing list
389-users@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
No comments:
Post a Comment