Re: Still fighting openldap

Josh,

>Date: Tue, 19 Feb 2008 12:22:42 -0800
>From: Josh Miller <joshua@xxxxxxxxxxxxxxxxx>  
>m.roth2006@xxxxxxx wrote:
>
>> I've tried changing the first stanza to:
>>  access: to attrs=shadowLastChange,userPassword
>>         by * read
>>         by self write
>>         by anonymous auth
>
>
>Do you get startup errors in your logs?  Can you verify that your server 

Don't see anything in the logs.

>is reading these ACLs?  You keep adding a colon after access on the 
>first ACL and I'm not sure that it would work -- and in fact, this would 
>explain your "next problem".
>
>Do you see the colon?

Actually, that's odd - no, it's not in the slapd.conf, at least not since I made the change Jim suggested.

>
>You do not need to give access to shadowLastChange to your users, that 
>value is maintained by OpenLDAP.

I can take that out - it was just that I saw it mentioned in a thread, and I thought that might explain why I was having the problem I did the other day (which I've now identified as an artifact only on the ldap server box), of the old password being required, even though the new one got me onto other boxes.

      mark

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
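
An added example, not part of either poster's message and not OpenLDAP code: a small Python check for the two things visible in the quoted stanza, the stray colon after `access` and the order of the `by` clauses. It goes slightly beyond the thread by flagging clause order, relying on slapd's rule that the first matching `by` clause in a directive decides access; the function names and both sample stanzas are constructed for illustration.

```python
import re

# Constructed input: the stanza quoted in the thread, stray colon included.
POSTED = """\
access: to attrs=shadowLastChange,userPassword
        by * read
        by self write
        by anonymous auth
"""
# Constructed input: same intent, specific clauses first and a closing 'by * none'.
REORDERED = """\
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none
"""

def logical_lines(text):
    """Return [first_line_no, joined_text] pairs; indented lines continue the previous one."""
    joined = []
    for no, raw in enumerate(text.splitlines(), 1):
        # Simplification: any line whose first non-blank character is '#' is skipped.
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and joined:
            joined[-1][1] += " " + raw.strip()
        else:
            joined.append([no, raw.strip()])
    return joined

def lint_acls(text):
    """Return (line_no, code, detail) findings for access directives in slapd.conf text."""
    findings = []
    for no, line in logical_lines(text):
        m = re.match(r"access(:?)\s+to\s+(.*?)\s+(\bby\s.*)$", line, re.I)
        if not m:
            continue
        colon, what, rest = m.groups()
        if colon:
            findings.append((no, "colon", "keyword is 'access to', without a colon"))
        catch_all = False
        # Simplification: <who> and <level> are single tokens; continue/break are ignored.
        for who, level in re.findall(r"\bby\s+(\S+)\s+(\S+)", rest):
            if catch_all:
                findings.append((no, "shadowed", f"'by {who} {level}' follows 'by *' and never matches"))
            elif (who in ("*", "anonymous", "users") and "userpassword" in what.lower()
                    and level in ("read", "write", "manage")):
                findings.append((no, "exposed", f"'by {who} {level}' lets others read userPassword"))
            catch_all = catch_all or who == "*"
    return findings
```

Calling `lint_acls(POSTED)` reports the colon, the world-readable `userPassword`, and the two clauses that sit behind `by * read`; `lint_acls(REORDERED)` reports nothing.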
