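I have a basic LDAP setup without SSL configured. Users can log in but cannot change their password using the passwd command. I have gone through many blogs, but with no luck. I have disabled selinux and iptables.
Any help with this would be greatly appreciated.
Details below.
Terminal output when trying to change the password: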
[servername ~]$ passwd
Changing password for user dkrishna.
Enter login(LDAP) password:
New password:
Retype new password:
LDAP password information update failed: Insufficient access
passwd: Authentication token manipulation error
Here are the logs:
==> /var/log/secure <==
Oct 8 09:31:33 passwd: pam_unix(passwd:chauthtok): user "dkrishna" does not exist in /etc/passwd
Oct 8 09:31:42 passwd: pam_unix(passwd:chauthtok): user "dkrishna" does not exist in /etc/passwd
==> /var/log/messages <==
Oct 8 09:31:42 passwd: pam_ldap: ldap_modify_s Insufficient access
The ACL configuration is as follows:
database config
access to *
by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
by * none
database monitor
access to *
by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
by dn.exact="cn=admin,dc=tibbr,dc=com" read
by * none
access to attrs=userPassword
by self write
by anonymous auth
by users none
access to * by * read
Answer 0 (score: 3)
I found the solution:
Add the following two lines to the end of the file olcDatabase\=\{2\}bdb.ldif:
olcAccess: {0}to attrs=userPassword by self write by dn.base="cn=Manager,dc=domain,dc=com" write by anonymous auth by * none
olcAccess: {1}to * by dn.base="cn=Manager,dc=domain,dc=com" write by self write by * read
Bye
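Added example (not part of the answer above and not OpenLDAP code): a simplified Python model of how slapd evaluates the two olcAccess values from Answer 0, taking the first matching `to` clause and then the first matching `by` clause. It supports only the selectors that appear on this page; the function names are hypothetical and the DN comparison is deliberately simplified.

```python
import re

# The two olcAccess values from the answer above, copied verbatim.
OLC_ACCESS = [
    '{0}to attrs=userPassword by self write by dn.base="cn=Manager,dc=domain,dc=com" write by anonymous auth by * none',
    '{1}to * by dn.base="cn=Manager,dc=domain,dc=com" write by self write by * read',
]

def parse(value):
    """Return (index, what, [(who, level), ...]) for one olcAccess value."""
    m = re.fullmatch(r'\{(\d+)\}to\s+(\S+)\s+(.*)', value.strip())
    if not m:
        raise ValueError(f"unsupported rule: {value!r}")
    by = re.findall(r'by\s+(\S+?="[^"]*"|\S+)\s+(\S+)', m.group(3))
    return int(m.group(1)), m.group(2), by

def norm(dn):
    # Simplified DN comparison: case-insensitive, spaces around commas ignored.
    return ",".join(part.strip().lower() for part in dn.split(","))

def what_matches(what, attr):
    if what == "*":
        return True
    if what.startswith("attrs="):
        return attr.lower() in what[6:].lower().split(",")
    raise ValueError(f"unsupported <what>: {what}")

def who_matches(who, bind_dn, entry_dn):
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if who == "users":
        return bind_dn is not None
    m = re.fullmatch(r'dn\.(?:base|exact)="([^"]*)"', who)
    if who != "self" and not m:
        raise ValueError(f"unsupported <who>: {who}")
    target = entry_dn if who == "self" else m.group(1)
    return bind_dn is not None and norm(bind_dn) == norm(target)

def effective_access(values, bind_dn, entry_dn, attr):
    """First matching 'to' clause wins, then first matching 'by' clause."""
    for _, what, by in sorted(parse(v) for v in values):
        if what_matches(what, attr):
            for who, level in by:
                if who_matches(who, bind_dn, entry_dn):
                    return level
            return "none"   # every rule ends with an implicit "by * none"
    return "none"           # implicit final "access to * by * none"
```

Pass `bind_dn=None` to model an anonymous bind. The order matters: if the catch-all `to *` rule came before the `userPassword` rule, every bound user could read other users' password hashes.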
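Answer 1 (score: 0)
It seems that slapd.conf is deprecated when configuring the OLC database.
Observe the following snippet from the OLC configuration guide: "From the time the conversion is run, the slapd.conf file is redundant. When slapd loads, it looks for the configuration directory (slapd.d by default), reads its configuration files from there and initializes the OLC (cn=config) DIT. If the slapd.d directory is not found, slapd looks for slapd.conf."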