Hello (again),

my setup:
389-ds server, Centos6
Various clients - Centos5/6, Fedora, Debian

For some reason users can no longer change their passwords. They log in via ssh, run "passwd", but then it says:

Password change failed. Server message: Insufficient access rights

In the server I can see:

[06/Jun/2016:14:30:14 +0300] conn=1750620 fd=182 slot=182 SSL connection from 172.16.18.52 to 172.16.18.254
[06/Jun/2016:14:30:14 +0300] conn=1750620 TLS1.2 256-bit AES
[06/Jun/2016:14:30:14 +0300] conn=1750620 op=0 BIND dn="uid=username,ou=People,dc=dom,dc=com" method=128 version=3
[06/Jun/2016:14:30:14 +0300] conn=1750620 op=0 RESULT err=0 tag=97 nentries=0 etime=0.007000 dn="uid=username,ou=people,dc=dom,dc=com"
[06/Jun/2016:14:30:14 +0300] conn=1750620 op=1 EXT oid="1.3.6.1.4.1.4203.1.11.1" name="passwd_modify_extop"
[06/Jun/2016:14:30:14 +0300] conn=1750620 op=1 RESULT err=50 tag=120 nentries=0 etime=0.001000
[06/Jun/2016:14:30:14 +0300] conn=1750620 op=2 UNBIND
[06/Jun/2016:14:30:14 +0300] conn=1750620 op=2 fd=182 closed - U1

I have "passwordChange: on" in the DS configuration?

I have also checked the ACI for self-entry modifications and the users have the rights:

(targetattr = "userPassword || telephoneNumber || facsimileTelephoneNumber") (version 3.0; acl "Allow self entry modification"; allow (write) (userdn = "ldap:///self") ;)

What am I missing here?

Thanks

--
389-users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://lists.fedoraproject.org/admin/lists/389-users@xxxxxxxxxxxxxxxxxxxxxxx
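An added example, not part of the original post: a small Python parser for the access-log format quoted above that pairs each password-modify extended operation with its RESULT line and the DN bound on that connection, to show which users are being refused (err=50 is the LDAP insufficientAccessRights result code). The function name and the second connection in the sample (conn=1750621, uid=other) are constructed for illustration.

```python
import re
PASSWD_MODIFY_OID = "1.3.6.1.4.1.4203.1.11.1"  # OID from the post's EXT line

# Constructed sample: the failing connection from the post, plus an invented
# successful password change on conn=1750621 (uid=other) for contrast.
SAMPLE_LOG = """\
[06/Jun/2016:14:30:14 +0300] conn=1750620 fd=182 slot=182 SSL connection from 172.16.18.52 to 172.16.18.254
[06/Jun/2016:14:30:14 +0300] conn=1750620 op=0 BIND dn="uid=username,ou=People,dc=dom,dc=com" method=128 version=3
[06/Jun/2016:14:30:14 +0300] conn=1750620 op=0 RESULT err=0 tag=97 nentries=0 etime=0.007000 dn="uid=username,ou=people,dc=dom,dc=com"
[06/Jun/2016:14:30:14 +0300] conn=1750620 op=1 EXT oid="1.3.6.1.4.1.4203.1.11.1" name="passwd_modify_extop"
[06/Jun/2016:14:30:14 +0300] conn=1750620 op=1 RESULT err=50 tag=120 nentries=0 etime=0.001000
[06/Jun/2016:14:31:02 +0300] conn=1750621 op=0 BIND dn="uid=other,ou=People,dc=dom,dc=com" method=128 version=3
[06/Jun/2016:14:31:02 +0300] conn=1750621 op=0 RESULT err=0 tag=97 nentries=0 etime=0.006000 dn="uid=other,ou=people,dc=dom,dc=com"
[06/Jun/2016:14:31:02 +0300] conn=1750621 op=1 EXT oid="1.3.6.1.4.1.4203.1.11.1" name="passwd_modify_extop"
[06/Jun/2016:14:31:02 +0300] conn=1750621 op=1 RESULT err=0 tag=120 nentries=0 etime=0.012000
"""

LINE_RE = re.compile(r'^\[([^\]]+)\] conn=(\d+) op=(\d+) (.*)$')
BIND_RE = re.compile(r'BIND dn="([^"]*)"')
EXT_RE = re.compile(r'EXT oid="([^"]+)"')
RESULT_RE = re.compile(r'RESULT err=(\d+)')

def failed_password_changes(log_text):
    """Return (timestamp, conn, bind_dn, err) for each failed password-modify extop."""
    bound = {}           # conn -> DN of the last successful BIND
    pending_bind = {}    # (conn, op) -> DN whose BIND is awaiting its RESULT
    pending_ext = set()  # (conn, op) of password-modify requests awaiting RESULT
    failures = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # connection-open and TLS lines carry no op= field
        ts, conn, op, rest = m.groups()
        key = (conn, op)
        if (b := BIND_RE.match(rest)):
            pending_bind[key] = b.group(1)
        elif (e := EXT_RE.match(rest)) and e.group(1) == PASSWD_MODIFY_OID:
            pending_ext.add(key)
        elif (r := RESULT_RE.match(rest)):
            err = int(r.group(1))
            if key in pending_bind:
                dn = pending_bind.pop(key)
                if err == 0:  # only trust the DN once the bind succeeded
                    bound[conn] = dn
            elif key in pending_ext:
                pending_ext.discard(key)
                if err != 0:
                    failures.append((ts, conn, bound.get(conn, "<anonymous>"), err))
    return failures
```

Calling failed_password_changes() on the text of the server's access log lists every refused password change with the identity that attempted it.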