Still fighting openldap

m.roth2006 at rcn.com
Tue Feb 19 22:22:59 UTC 2008


Josh,

>Date: Tue, 19 Feb 2008 12:22:42 -0800
>From: Josh Miller <joshua at itsecureadmin.com>  
>m.roth2006 at rcn.com wrote:
>
>> I've tried changing the first stanza to:
>>  access: to attrs=shadowLastChange,userPassword
>>         by * read
>>         by self write
>>         by anonymous auth
>
>
>Do you get startup errors in your logs?  Can you verify that your server 

Don't see anything in the logs.

>is reading these ACLs?  You keep adding a colon after access on the 
>first ACL and I'm not sure that it would work -- and in fact, this would 
>explain your "next problem".
>
>Do you see the colon?

Actually, that's odd - no, it's not in the slapd.conf, at least not since I made the change Jim suggested.
>
>You do not need to give access to shadowLastChange to your users, that 
>value is maintained by OpenLDAP.

I can take that out - it was just that I saw it mentioned in a thread, and I thought that might explain why I was having the problem I did the other day (which I've now identified as an artifact only on the ldap server box), of the old password being required, even though the new one got me onto other boxes.

      mark
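For readers following the ACL discussion above, here is an added worked example (mine, not from this thread or from the OpenLDAP project): the stanza as quoted, annotated with what slapd does with it, beside a corrected slapd.conf fragment. The file path and the suffix `dc=example,dc=com` in the comments are assumptions; the ACL evaluation rules are from slapd.access(5).

```conf
# ---------------------------------------------------------------------
# As quoted in the thread (annotated; do not use this form)
# ---------------------------------------------------------------------
#
#   access: to attrs=shadowLastChange,userPassword
#           by * read
#           by self write
#           by anonymous auth
#
# Problem 1: the directive is "access to"; "access:" with a colon is not
#   the ACL keyword, so the stanza is not installed as an ACL. Run
#   slaptest (below) to see how your slapd version treats the line.
#
# Problem 2: even without the colon, the "by" clauses are wrong. slapd
#   tests "by" clauses in the order written and stops at the first one
#   whose <who> matches. "by *" matches every requester, so everyone
#   (including an anonymous bind) gets read on userPassword, and the
#   later "by self write" / "by anonymous auth" are never reached.
#   Effect: password hashes are readable by anyone, and users cannot
#   change their own password.

# ---------------------------------------------------------------------
# Corrected fragment (place inside the database definition, before any
# broader "access to *" rule; ACLs are also matched in file order)
# ---------------------------------------------------------------------

# Password attribute: owner may change it, anonymous may only use it to
# bind (auth), everyone else gets nothing. Order matters: most specific
# <who> first, catch-all last.
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none

# Everything else stays readable, as in a default install. Tighten this
# to taste (assumption: the rest of the tree is intended to be readable).
access to *
        by * read

# ---------------------------------------------------------------------
# Verifying that slapd actually reads the ACLs (commands, assumed path)
# ---------------------------------------------------------------------
#
#   slaptest -u -f /etc/openldap/slapd.conf
#       Parses the config and reports syntax errors without needing the
#       databases; an unrecognised directive shows up here.
#
#   loglevel acl
#       Add to slapd.conf (same as loglevel 128) to log each ACL decision
#       to syslog, which answers "is the server reading these ACLs?".
#
#   ldapsearch -x -H ldap://localhost -b dc=example,dc=com userPassword
#       Anonymous search: with the corrected ACL no userPassword values
#       should come back. If hashes appear, the old "by * read" is still
#       in effect.
```

The key habit is to read each `access to` stanza top to bottom as slapd does: the first `by` clause whose subject matches decides the outcome, so a `by *` line only belongs at the end.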