ACL Problem, Insufficient access (50)

**mesh2005** · 12-22-2005

i use openldap 2.3.11 , Heimdal Kerberos , Fedora 4

login authenticated through kerberos and i use ldap for user info (instead of NIS)

the problem is i cannot change password for any authenticated user using GSSAPI even with rootdn
i tried to use -x and it worked only with the rootdn

here is my ACL files: (manager is my rootdn)
************************************************** ************************************************** *********************
access to dn.regex="uid=(.*),ou=People,dc=test,dc=domain,dc= mydomain,dc=org" attrs=userPassword
by dn="cn=Manager,dc=test,dc=domain,dc=mydomain,dc=or g" write
by self write
by * auth
access to dn.regex="uid=(.*),ou=People,dc=test,dc=domain,dc= mydomain,dc=org"
by * read
access to dn.regex="uid=(.*),ou=People,dc=test,dc=domain,dc= mydomain,dc=org"
by self write
by * read
************************************************** ************************************************** *********************

and here is the error:
************************************************** ************************************************** **********************
ldappasswd -Y GSSAPI -S "uid=sonne,ou=People,dc=test,dc=domain,dc=mydomain ,dc=org "
New password:
Re-enter new password:
SASL/GSSAPI authentication started
SASL username: sonne@TEST.DOMAIN.MYDOMAIN.ORG
SASL SSF: 56
SASL installing layers
Result: Insufficient access (50)
************************************************** ***************************

i hope you can help!
thanks alot

**winter** · 12-22-2005

It sounds like your kerberos ACL instead. check and amend permisions in the kerberos ACL

Thread Tools

Display

ACL Problem, Insufficient access (50)

Posting Permissions