(Insufficient 'write' privileges to the 'userPassword') when executing passwd change

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

As mentioned, I zeroed out the access log, executed one operation, and saw nothing but srch and result and bind operations in the access log.  I don?t find a modify or a write warning, and the error log is empty.

 

 

From: Rich Megginson [mailto:rmeggins at redhat.com] 
Sent: Friday, February 18, 2011 1:44 PM
To: General discussion list for the 389 Directory server project.
Cc: Beamon, John
Subject: Re: (Insufficient 'write' privileges to the 'userPassword') when executing passwd change

 

On 02/18/2011 11:18 AM, Beamon, John wrote: 

This is a new install, straight from the docs with 4 boxes in an MMR setup.  Attempting a password change from a Linux command line, I get this feedback.
 

	 

$ passwd
Changing password for user jbeamon.
Enter login(LDAP) password:
New UNIX password:
Retype new UNIX password:
LDAP password information update failed: Insufficient access
Insufficient 'write' privilege to the 'userPassword' attribute of entry 'uid=jbeamon,ou=people,dc=example,dc=com'.
 
passwd: Permission denied

	 

 
I zeroed out the access and error logs in advance.  The error log was empty; the access log was nothing but SRCH, BIND, and RESULT entries for my account.  Nothing about access problems or attempted modifies.
 
A web search for this error message revealed one conversation in Jan 2009 that ended with "I fixed my aci and the problem went away".  I haven't knowingly changed any acis since install.  At the global level, user may change password.  At the userRoot suffix level, user can change password and fine-grained policy is enabled.  A password reset by directory manager succeeds and replicates around.  Does anyone else recognize this?

Look for this sequence of operations in your directory server access log.



 
-j
 
 
--
389 users mailing list
389-users at lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20110218/a145f846/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 474 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20110218/a145f846/attachment.bin
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux