Hey, have you taken a look into your syslog messages and enabled logging in your slapd config?
bye.

On Thu, Dec 2, 2010 at 15:26, Holger Schier <[email protected]> wrote:
> Hi guys,
>
> my ldapserver works fine now, but the first users are arriving.
> The normal user should change their own password. So, everyone thinks of
> passwd in the shell.
>
> But:
> LDAP password information update failed: Insufficient access
> Must supply old password to be changed as well as new one
>
> Here is my ACL:
>
> olcAccess: {0} to
> attrs=pwdChangedTime,pwdAccountLockedTime,pwdFailureTime,pwdH
> istory,pwdGraceUseTime,pwdReset
> by * none
>
> olcAccess: {1}to attrs=userPassword
> by self write
> by * auth
>
> olcAccess: {2}to attrs=shadowLastChange
> by self write
> by dn.base="cn=BINDUSER,dc=MY,dc=DC" read
> by users read
> by * auth
>
> olcAccess: {3}to attrs=userPKCS12
> by self read
> by * none
>
> olcAccess: {4}to *
> by dn.base="cn=BINDUSER,dc=MY,dc=DC" read
> by * none
>
> I tried the same with
> olcAccess: {4}to *
> by * read
>
> and allowing anonymous binds, but same error.
> passwd seems to try to bind with the binduser and then to read and to
> write the userPassword, but only has auth access.
>
> Has anyone an idea how to enable this?
>
> Thanks a lot.
> Holger
>

--
To be or not to be -- Shakespeare | To do is to be -- Nietzsche | To be is to do -- Sartre | Do be do be do -- Sinatra
