Thread: ACL for userPassword for 'self' - authorized users or wrong settings in pam-ldap.conf

    Hi,

    ZCS 6.0.x + Ubuntu + Samba -> according to WIKI - works fine, except for:

    1) root#su - YY
    2) YY#passwd
    3) passwd
    Enter login(LDAP) password:
    New password:
    Passwords must differ
    New password:
    Re-enter new password:
    LDAP password information update failed: Unknown error

    passwd: Permission denied
    passwd: password unchanged

    and this is from LDAP ZCS:

    Jan 10 15:30:17 mail slapd[22065]: conn=609154 fd=66 ACCEPT from IP=192.168.89.3:33787 (IP=192.168.89.6:389)
    Jan 10 15:30:17 mail slapd[22065]: conn=609154 op=0 BIND dn="uid=zmposixroot,cn=appaccts,cn=zimbra" method=128
    Jan 10 15:30:17 mail slapd[22065]: conn=609154 op=0 BIND dn="uid=zmposixroot,cn=appaccts,cn=zimbra" mech=SIMPLE ssf=0
    Jan 10 15:30:17 mail slapd[22065]: conn=609154 op=0 RESULT tag=97 err=0 text=
    Jan 10 15:30:17 mail slapd[22065]: conn=609154 op=1 SRCH base="ou=people,dc=XXX,dc=XX" scope=1 deref=0 filter="(uid=YY)"
    Jan 10 15:30:17 mail slapd[22065]: conn=609154 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
    ....
    Jan 10 13:27:47 mail slapd[22065]: conn=609154 op=4 MOD dn="uid=YY,ou=people,dc=XXX,dc=XX"
    Jan 10 13:27:47 mail slapd[22065]: conn=609154 op=4 MOD attr=userPassword
    Jan 10 13:27:47 mail slapd[22065]: conn=609154 op=4 RESULT tag=103 err=50 text=

    and this is what was added to ACLs:

    olcAccess: {9}to attrs=entry by dn.children="cn=admins,cn=zimbra" write by dn.exact="uid=zmposixroot,cn=appaccts,cn=zimbra" write by * read
    olcAccess: {10}to dn.subtree="dc=XXX,dc=XX" by dn.children="cn=admins,cn=zimbra" write by dn.exact="uid=zmposixroot,cn=appaccts,cn=zimbra" write by dn.exact="uid=zmposix,cn=appaccts,cn=zimbra" read by * none
    olcAccess: {11}to dn.subtree="ou=machines,dc=XXX,dc=XX" by dn.children="cn=admins,cn=zimbra" write by dn.exact="uid=zmposixroot,cn=appaccts,cn=zimbra" write by dn.exact="uid=zmposix,cn=appaccts,cn=zimbra" read by * none
    olcAccess: {12}to dn.subtree="ou=groups,dc=XXX,dc=XX" by dn.children="cn=admins,cn=zimbra" write by dn.exact="uid=zmposixroot,cn=appaccts,cn=zimbra" write by dn.exact="uid=zmposix,cn=appaccts,cn=zimbra" read by * none
    olcAccess: {13}to dn.subtree="ou=people,dc=XXX,dc=XX" by dn.children="cn=admins,cn=zimbra" write by dn.exact="uid=zmposixroot,cn=appaccts,cn=zimbra" write by dn.exact="uid=zmposix,cn=appaccts,cn=zimbra" read by * none

    What can be wrong with my installation?

    Thanks,
    Marcin
    Last edited by itipopema; 01-10-2010 at 06:42 AM.
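
Added example, not part of the original post and not Zimbra or OpenLDAP code: a Python correlator that pairs each failed MOD in the slapd log above with the last BIND visible on the same connection and decodes the result code (err=50 is insufficientAccessRights in RFC 4511). It also reports op numbers missing from the excerpt, because a re-bind inside the elided ops would change which `by` clause of the ACLs is evaluated. The function name and result fields are hypothetical.

```python
import re

# RFC 4511 result codes that commonly end a failed password change.
LDAP_ERR = {19: "constraintViolation", 49: "invalidCredentials",
            50: "insufficientAccessRights", 53: "unwillingToPerform"}

# slapd lines copied from the post above; "...." is the poster's own elision.
POST_LOG = """\
Jan 10 15:30:17 mail slapd[22065]: conn=609154 op=0 BIND dn="uid=zmposixroot,cn=appaccts,cn=zimbra" method=128
Jan 10 15:30:17 mail slapd[22065]: conn=609154 op=0 BIND dn="uid=zmposixroot,cn=appaccts,cn=zimbra" mech=SIMPLE ssf=0
Jan 10 15:30:17 mail slapd[22065]: conn=609154 op=0 RESULT tag=97 err=0 text=
Jan 10 15:30:17 mail slapd[22065]: conn=609154 op=1 SRCH base="ou=people,dc=XXX,dc=XX" scope=1 deref=0 filter="(uid=YY)"
Jan 10 15:30:17 mail slapd[22065]: conn=609154 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
....
Jan 10 13:27:47 mail slapd[22065]: conn=609154 op=4 MOD dn="uid=YY,ou=people,dc=XXX,dc=XX"
Jan 10 13:27:47 mail slapd[22065]: conn=609154 op=4 MOD attr=userPassword
Jan 10 13:27:47 mail slapd[22065]: conn=609154 op=4 RESULT tag=103 err=50 text=
"""

OP = re.compile(r'conn=(\d+) op=(\d+) (\w+) (.*)')

def failed_mods(log):
    """Return one finding per MOD that ended with a non-zero result code."""
    conns, findings = {}, []
    for line in log.splitlines():
        m = OP.search(line)
        if not m:
            continue
        conn, op, verb, rest = m[1], int(m[2]), m[3], m[4]
        st = conns.setdefault(conn, {"bound": "", "bind_op": 0, "seen": set(), "mods": {}})
        st["seen"].add(op)
        if verb == "BIND" and "mech=" in rest:
            # Assumption: the mech= line marks the identity now in effect.
            st["bound"], st["bind_op"] = re.search(r'dn="([^"]*)"', rest)[1], op
        elif verb == "MOD":
            mod = st["mods"].setdefault(op, {"dn": "", "attrs": []})
            if rest.startswith("dn="):
                mod["dn"] = rest[4:-1]
            elif rest.startswith("attr="):
                mod["attrs"] += rest[5:].split()
        elif verb == "RESULT" and op in st["mods"]:
            mod, err = st["mods"].pop(op), int(re.search(r'err=(\d+)', rest)[1])
            if err:
                # Ops absent from the excerpt may hide a re-bind, so report them.
                gap = sorted(set(range(st["bind_op"], op)) - st["seen"])
                findings.append({"conn": conn, "bound_dn": st["bound"], "target_dn": mod["dn"],
                                 "attrs": mod["attrs"], "err": err, "err_name": LDAP_ERR.get(err, "other"),
                                 "self_change": st["bound"].lower() == mod["dn"].lower(), "ops_missing": gap})
    return findings
```

On the posted excerpt, `failed_mods(POST_LOG)` returns a single finding whose `ops_missing` is `[2, 3]`, so the bound DN it reports is only the last one visible in the post, not necessarily the identity that issued the MOD.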
