Maria McKinley wrote:
Hi there,
I can change the shadowLastChange attribute:
maria@mimi:~/sysadmin/ldap$ ldapmodify -x -v -r -W -D "cn=admin,dc=example,dc=com" -f pass.exp
ldap_initialize( <DEFAULT> )
Enter LDAP Password:
replace shadowLastChange:
15786
modifying entry "uid=chris,ou=people,dc=example,dc=com"
modify complete
But, I can't see it:
annette:~# ldapsearch -x "uid=chris" shadowLastChange
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> (default) with scope subtree
# filter: uid=chris
# requesting: shadowLastChange
#
# chris, people, example.com
dn: uid=chris,ou=people,dc=example,dc=com
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
Even though this is my permission:
olcAccess: {0}to attrs=shadowLastChange by self write by anonymous auth by dn="cn=admin,dc=example,dc=com" write by * read
olcAccess: {1}to attrs=userPassword by self write by anonymous auth by dn="cn=admin,dc=example,dc=com" write by * none
olcAccess: {2}to dn.base="" by * read
olcAccess: {3}to * by self write by dn="cn=admin,dc=example,dc=com" write by * read
Have I done something wrong with my permissions? Is there something else that
could be going on here?
Looks like it's behaving exactly as you specified. As admin you have write
access. When you searched anonymously, you got no access. (You gave anonymous
auth access, but a search is obviously not an auth request.)
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
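
The evaluation described in the reply, as an added example that is not part of the original thread and is not OpenLDAP code: a simplified Python model of how slapd picks the first matching `to` clause and then the first matching `by` clause, run over the four olcAccess rules from the post. It assumes `dn=` means an exact DN match and handles only the `<what>` and `<who>` forms that appear in those rules; the function names are hypothetical.

```python
import re

LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]
ADMIN = "cn=admin,dc=example,dc=com"
CHRIS = "uid=chris,ou=people,dc=example,dc=com"

# olcAccess values from the post, with the folded LDIF lines joined.
RULES = [
    '{0}to attrs=shadowLastChange by self write by anonymous auth by dn="cn=admin,dc=example,dc=com" write by * read',
    '{1}to attrs=userPassword by self write by anonymous auth by dn="cn=admin,dc=example,dc=com" write by * none',
    '{2}to dn.base="" by * read',
    '{3}to * by self write by dn="cn=admin,dc=example,dc=com" write by * read',
]

def parse(rule):
    """Split one olcAccess value into (what, [(who, level), ...])."""
    what, *bys = re.sub(r"^\{\d+\}to\s+", "", rule).split(" by ")
    return what, [tuple(b.rsplit(None, 1)) for b in bys]

def what_matches(what, entry_dn, attr):
    if what.startswith("attrs="):
        return attr.lower() in what[6:].lower().split(",")
    if what.startswith("dn.base="):
        return entry_dn.lower() == what[8:].strip('"').lower()
    return what == "*"

def who_matches(who, bind_dn, entry_dn):
    """Simplified <who>: '*', anonymous, self, and dn= treated as an exact DN."""
    bind, entry = bind_dn.lower(), entry_dn.lower()
    if who.startswith("dn="):
        return bind == who[3:].strip('"').lower()
    return {"*": True, "anonymous": bind == "", "self": bind != "" and bind == entry}.get(who, False)

def granted(bind_dn, entry_dn, attr):
    """Level from the first matching <what>, then the first matching <who> inside it."""
    for what, bys in map(parse, RULES):
        if what_matches(what, entry_dn, attr):
            for who, level in bys:
                if who_matches(who, bind_dn, entry_dn):
                    return level  # evaluation stops here; later "by" clauses are never reached
            return "none"  # implicit trailing "by * none"
    return "none"  # no rule matched at all

def can(bind_dn, entry_dn, attr, want):
    return LEVELS.index(granted(bind_dn, entry_dn, attr)) >= LEVELS.index(want)
```

With an empty bind DN, `granted("", CHRIS, "entry")` and `granted("", CHRIS, "uid")` come from rule {3} and return `read`, while `granted("", CHRIS, "shadowLastChange")` stops at `by anonymous auth` in rule {0}, which is why the search returns the dn without the attribute.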