Find the answer to your Linux question:
Results 1 to 2 of 2
i use openldap 2.3.11 , Heimdal Kerberos , Fedora 4 login authenticated through kerberos and i use ldap for user info (instead of NIS) the problem is i cannot change ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Nov 2005
    Posts
    21

    ACL Problem, Insufficient access (50)


    i use openldap 2.3.11 , Heimdal Kerberos , Fedora 4

    login authenticated through kerberos and i use ldap for user info (instead of NIS)

    the problem is i cannot change password for any authenticated user using GSSAPI even with rootdn
    i tried to use -x and it worked only with the rootdn

    here is my ACL files: (manager is my rootdn)
    ************************************************** ************************************************** *********************
    access to dn.regex="uid=(.*),ou=People,dc=test,dc=domain,dc= mydomain,dc=org" attrs=userPassword
    by dn="cn=Manager,dc=test,dc=domain,dc=mydomain,dc=or g" write
    by self write
    by * auth
    access to dn.regex="uid=(.*),ou=People,dc=test,dc=domain,dc= mydomain,dc=org"
    by * read
    access to dn.regex="uid=(.*),ou=People,dc=test,dc=domain,dc= mydomain,dc=org"
    by self write
    by * read
    ************************************************** ************************************************** *********************

    and here is the error:
    ************************************************** ************************************************** **********************
    ldappasswd -Y GSSAPI -S "uid=sonne,ou=People,dc=test,dc=domain,dc=mydomain ,dc=org "
    New password:
    Re-enter new password:
    SASL/GSSAPI authentication started
    SASL username: sonne@TEST.DOMAIN.MYDOMAIN.ORG
    SASL SSF: 56
    SASL installing layers
    Result: Insufficient access (50)
    ************************************************** ***************************

    i hope you can help!
    thanks alot

  2. #2
    Linux User
    Join Date
    Jul 2005
    Posts
    369
    It sounds like your kerberos ACL instead. check and amend permisions in the kerberos ACL
    All i want for christmas is a new liver....a second chance to get afflicted with Cirrhosis

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •