Hi there guys.
I'm facing a problem with my ACL. Basically, I want my users to be able to
change their password, but I always get:
New password:
Re-enter new password:
ldap_initialize(ldap://ldapserver )
Enter LDAP Password:
Result: Insufficient access (50)
From the logs:
access_allowed: backend default write access denied to userxxxx
Reading some posts, someone suggested to add olcAccess: {0} to * by *
write to the ACL, which I tested but with no luck. I'm just using simple
authentication, no SSL or that kind of stuff.
dn: olcDatabase={0}config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0} to * by * write
The weird thing is that I still see the anonymous access.
slap_access_allowed: backend default auth access granted to "(anonymous)"
I'm trying to change the password locally from the LDAP server itself;
from the client it doesn't work either. I'm using nslcd.conf and I'm not
allowing anon logins, but it seems that by default in some place it's
allowing it.
These are the default password policies:
objectClass: pwdPolicy
objectClass: person
objectClass: top
pwdAllowUserChange: TRUE
pwdAttribute: 2.5.4.35
pwdCheckQuality: 2
pwdExpireWarning: 600
pwdFailureCountInterval: 30
pwdLockout: TRUE
pwdLockoutDuration: 0
pwdSafeModify: FALSE
sn: dummy value
pwdGraceAuthNLimit: 5
pwdInHistory: 5
pwdMaxFailure: 5
pwdMinAge: 0
pwdMaxAge: 0
pwdMustChange: TRUE
pwdMinLength: 5
I'm using:
openldap-servers-2.4.23-26.el6_3.2.x86_6
CentOS 6.3
If you need more information just let me know.
Thanks in advance.
Best regards