mesh2005
2005-12-22, 07:32 AM CST
I use OpenLDAP 2.3.11, Heimdal Kerberos, Fedora 4.
Login is authenticated through Kerberos and I use LDAP for user info (instead of NIS).
The problem is I cannot change the password for any authenticated user using GSSAPI, even with rootdn.
I tried to use -x and it worked only with the rootdn.
Here is my ACL file: (Manager is my rootdn)
************************************************************
access to dn.regex="uid=(.*),ou=People,dc=test,dc=domain,dc=mydomain,dc=org" attrs=userPassword
    by dn="cn=Manager,dc=test,dc=domain,dc=mydomain,dc=org" write
    by self write
    by * auth
access to dn.regex="uid=(.*),ou=People,dc=test,dc=domain,dc=mydomain,dc=org"
    by * read
access to dn.regex="uid=(.*),ou=People,dc=test,dc=domain,dc=mydomain,dc=org"
    by self write
    by * read
************************************************************
And here is the error:
************************************************************
ldappasswd -Y GSSAPI -S "uid=sonne,ou=People,dc=test,dc=domain,dc=mydomain,dc=org "
New password:
Re-enter new password:
SASL/GSSAPI authentication started
SASL username: sonne@TEST.DOMAIN.MYDOMAIN.ORG
SASL SSF: 56
SASL installing layers
Result: Insufficient access (50)
************************************************************
I hope you can help!
Thanks a lot
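
Added example, not part of the original post: a simplified Python model of slapd's first-match ACL evaluation over the three rules posted above, showing which rule and access level each requester DN ends up with. The SASL identity DN (the uid=...,cn=<realm>,cn=gssapi,cn=auth form, with no sasl-regexp/authz-regexp mapping configured) is an assumption, and the function names are hypothetical.

```python
import re

BASE = "dc=test,dc=domain,dc=mydomain,dc=org"
MANAGER = "cn=Manager," + BASE
# dn.regex from the post; slapd regexes are unanchored, so search() is used below
PEOPLE = re.compile(r"uid=(.*),ou=People," + re.escape(BASE), re.I)
LEVELS = ["none", "auth", "read", "write"]  # subset of slapd's levels, ascending

# The post's three rules in order: (target, attrs or None for all, by-clauses)
ACLS = [
    (PEOPLE, {"userpassword"}, [(MANAGER, "write"), ("self", "write"), ("*", "auth")]),
    (PEOPLE, None, [("*", "read")]),
    (PEOPLE, None, [("self", "write"), ("*", "read")]),
]

def norm(dn):
    """Crude DN normalisation: drop spaces around commas, lowercase."""
    return re.sub(r"\s*,\s*", ",", dn.strip()).lower()

def granted(bind_dn, entry_dn, attr):
    """Return (rule number, level): first matching rule, then first matching 'by'."""
    me, entry = norm(bind_dn), norm(entry_dn)
    for n, (target, attrs, clauses) in enumerate(ACLS, 1):
        if not target.search(entry) or (attrs and attr.lower() not in attrs):
            continue
        for who, level in clauses:
            if who == "*" or (who == "self" and me == entry) or norm(who) == me:
                return n, level
        return n, "none"   # implicit trailing "by * none"
    return 0, "none"       # implicit trailing "access to * by * none"

def can(bind_dn, entry_dn, attr, need):
    """True if the level granted to bind_dn is at least the level needed."""
    return LEVELS.index(granted(bind_dn, entry_dn, attr)[1]) >= LEVELS.index(need)

ENTRY = "uid=sonne,ou=People," + BASE
# Assumed, constructed: identity DN slapd derives for sonne@TEST.DOMAIN.MYDOMAIN.ORG
# after a GSSAPI bind when no sasl-regexp/authz-regexp mapping is configured.
SASL_DN = "uid=sonne,cn=test.domain.mydomain.org,cn=gssapi,cn=auth"

if __name__ == "__main__":
    for label, dn in (("unmapped SASL DN", SASL_DN), ("entry's own DN", ENTRY)):
        for attr in ("userPassword", "loginShell"):
            rule, level = granted(dn, ENTRY, attr)
            print(f"{label:17} {attr:13} -> rule {rule}, {level}")
```

In this model the third rule is never reached: the second rule has the same target and its "by * read" clause matches every requester first.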