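LDAP users unable to change password using the passwd command

I have a basic LDAP setup with no SSL configured. Users can log in but cannot change their password using the passwd command. I have gone through many blogs, but with no luck. I have disabled selinux and iptables.
Any help on this would be greatly appreciated. The details are below,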
- OS: CentOS 6.5
- LDAP version: openldap-servers-2.4.23-34.el6_5.1.x86_64
- Client version: openldap-clients-2.4.23-34.el6_5.1.x86_64
Output from the terminal when trying to change the password:
[servername ~]$ passwd
Changing password for user dkrishna.
Enter login(LDAP) password:
New password:
Retype new password:
LDAP password information update failed: Insufficient access
passwd: Authentication token manipulation error
Below are the logs,
==> /var/log/secure <==
Oct 8 09:31:33 passwd: pam_unix(passwd:chauthtok): user "dkrishna" does not exist in /etc/passwd
Oct 8 09:31:42 passwd: pam_unix(passwd:chauthtok): user "dkrishna" does not exist in /etc/passwd
==> /var/log/messages <==
Oct 8 09:31:42 passwd: pam_ldap: ldap_modify_s Insufficient access
The ACL configuration is as follows,
database config
access to *
by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
by * none
database monitor
access to *
by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
by dn.exact="cn=admin,dc=tibbr,dc=com" read
by * none
access to attrs=userPassword
by self write
by anonymous auth
by users none
access to * by * read
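Thanks a lot, Thomas, for the response. Worked like a charm! I had tried putting the same rules in the slapd.conf file and restarting the service, but it did not work. But the same rules were placed directly in the oclDatabase\={2}bdb.ldif file. – 2014-10-29 17:41:09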
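As an added illustration (not part of the original post or of the answer the comment refers to): in slapd.conf syntax an `access to` rule belongs to the most recent `database` line, while a cn=config tree keeps each database's rules as `olcAccess` values on that database's own entry. The code below groups the rules from the question by section and renders a chosen set as an ldapmodify change; the function names, the re-indented sample text, and the DN `olcDatabase={2}bdb,cn=config` (inferred from the file name in the comment) are assumptions.

```python
import re

# Constructed sample: the access rules from the question, re-indented as slapd.conf text.
SLAPD_CONF = """\
database config
access to *
    by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
    by * none
database monitor
access to *
    by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
    by dn.exact="cn=admin,dc=tibbr,dc=com" read
    by * none
access to attrs=userPassword
    by self write
    by anonymous auth
    by users none
access to * by * read
"""

def rules_by_database(conf_text):
    """Return [(section, [rule, ...])]; rules before any `database` line are "global"."""
    sections = [("global", [])]
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"database\s+(\S+)", line)
        if m:  # every later access rule is scoped to this database
            sections.append((m.group(1), []))
            continue
        rules = sections[-1][1]
        if re.match(r"access\s+to\s", line):
            rules.append(re.sub(r"^access\s+", "", line))
        elif re.match(r"by\s", line) and rules:
            rules[-1] += " " + line  # "by" clause continuing the previous rule
    return sections

def to_olc_access_ldif(dn, rules):
    """Render rules as an ldapmodify change that replaces olcAccess on dn."""
    out = [f"dn: {dn}", "changetype: modify", "replace: olcAccess"]
    out += [f"olcAccess: {{{i}}}{rule}" for i, rule in enumerate(rules)]
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    sections = rules_by_database(SLAPD_CONF)
    for name, rules in sections:
        print(f"{name}: {len(rules)} rule(s)")
    # Assumed target entry; the last two rules sit under "monitor" in the sample.
    print(to_olc_access_ldif("olcDatabase={2}bdb,cn=config", sections[2][1][1:]))
```

`replace: olcAccess` overwrites every rule already on the entry, so compare the generated LDIF with the entry's current values before applying it with `ldapmodify -Y EXTERNAL -H ldapi:///`.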