As mentioned, I zeroed out the access log, executed one operation, and saw nothing but srch and result and bind operations in the access log. I don’t find a modify or a write warning, and the error log is empty.
From: Rich Megginson [mailto:rmegg...@redhat.com] Sent: Friday, February 18, 2011 1:44 PM To: General discussion list for the 389 Directory server project. Cc: Beamon, John Subject: Re: [389-users] (Insufficient 'write' privileges to the 'userPassword') when executing passwd change On 02/18/2011 11:18 AM, Beamon, John wrote: This is a new install, straight from the docs with 4 boxes in an MMR setup. Attempting a password change from a Linux command line, I get this feedback. $ passwd Changing password for user jbeamon. Enter login(LDAP) password: New UNIX password: Retype new UNIX password: LDAP password information update failed: Insufficient access Insufficient 'write' privilege to the 'userPassword' attribute of entry 'uid=jbeamon,ou=people,dc=example,dc=com'. passwd: Permission denied I zeroed out the access and error logs in advance. The error log was empty; the access log was nothing but SRCH, BIND, and RESULT entries for my account. Nothing about access problems or attempted modifies. A web search for this error message revealed one conversation in Jan 2009 that ended with "I fixed my aci and the problem went away". I haven't knowingly changed any acis since install. At the global level, user may change password. At the userRoot suffix level, user can change password and fine-grained policy is enabled. A password reset by directory manager succeeds and replicates around. Does anyone else recognize this? Look for this sequence of operations in your directory server access log. -j -- 389 users mailing list 389-us...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
PGP.sig
Description: PGP signature
-- 389 users mailing list 389-us...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
