Operating Systems Linux Ubuntu howto: ldap modify acl Post 302467424 by upengan78 on Friday 29th of October 2010 10:13:50 AM
howto: ldap modify acl

Hello guys,

I have an smb-ldap server on Ubuntu 10.04 server. I recently found that when an smb-ldap user SSHs into the server box and runs the smbldap-passwd command, the error below appears. root can run this command with no issues. I'd like users to be able to do the same.

Here is the error (happens for all users)

Quote:
smbldap-passwd
Identity validation...
enter your UNIX password:
Changing UNIX and samba passwords for lee
New password:
Retype new password:
Failed to modify SMB password: Insufficient access at /usr/sbin/smbldap-passwd line 238, <STDIN> line 3.

The LDAP config for the ACL is:

Quote:
# {1}hdb, config
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=pdc
olcAccess: {0}to attrs=userPassword by dn="cn=admin,dc=pdc" write by anonymous auth by self write by * none
olcAccess: {1}to attrs=shadowLastChange by self write by * read
olcAccess: {2}to dn.base="" by * read
olcAccess:: ezN9dG8gKiBieSBkbj0iY249YWRtaW4sZGM9cGRjIiB3cml0ZSBieSAYWQg
olcLastMod: TRUE
olcRootDN: cn=admin,dc=pdc
olcRootPW: blah
olcRootPW: {crypt}64KIVblash
olcDbCheckpoint: 512 30
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcDbIndex: objectClass eq
olcDbIndex: cn eq
olcDbIndex: uidNumber eq
olcDbIndex: gidNumber eq
olcDbIndex: loginShell eq
olcDbIndex: uid eq
olcDbIndex: memberUid eq
olcDbIndex: uniqueMember eq
olcDbIndex: sambaSID eq
olcDbIndex: sambaPrimaryGroupSID eq
olcDbIndex: sambaGroupType eq
olcDbIndex: sambaSIDList eq
olcDbIndex: sambaDomainName eq
olcDbIndex: default sub

I saw people on some forums suggesting the ACL below:

Quote:
access to attrs=userPassword,shadowLastChange,shadowMax,sambaNTPassword,sambaLMPassword,sambaPwdLastSet,sambaPwdMustChange,sambaAcctFlags
by dn="cn=admin,dc=ultraelectron,dc=com" write
by anonymous auth
by self write
by * none
Will this be the correct ACL? If so, how do I modify the ACLs in LDAP?

Thanks

BTW : Is 'code / #' removed from thread tools ? I just find 'quote' so I used that for highlighting my configuration in thread

Last edited by upengan78; 10-29-2010 at 11:57 AM..
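
The rule quoted in the post, rewritten for the cn=config backend shown in the posted configuration; this is an added example, not part of the original thread. It assumes the admin DN is the poster's own `cn=admin,dc=pdc` rather than the DN in the quoted rule, that rule `{0}` is the one being replaced, and that root can reach cn=config over ldapi; the function names are hypothetical.

```shell
#!/bin/sh
# Values taken from the posted configuration (adjust for another directory).
DB_DN='olcDatabase={1}hdb,cn=config'
ADMIN_DN='cn=admin,dc=pdc'
PW_ATTRS='userPassword,shadowLastChange,shadowMax,sambaNTPassword,sambaLMPassword,sambaPwdLastSet,sambaPwdMustChange,sambaAcctFlags'

# Emit one atomic modify: drop the old rule {0}, insert the wider rule at {0}.
# $1 = database entry DN, $2 = admin DN, $3 = comma-separated attribute list
build_acl_ldif() {
    cat <<EOF
dn: $1
changetype: modify
delete: olcAccess
olcAccess: {0}
-
add: olcAccess
olcAccess: {0}to attrs=$3
  by dn="$2" write
  by anonymous auth
  by self write
  by * none
EOF
}

# Join LDIF continuation lines (first column is the fold marker) so the
# rule can be reviewed as the single line slapd will store.
unfold() {
    awk '/^ / { buf = buf substr($0, 2); next }
         { if (NR > 1) print buf; buf = $0 }
         END { print buf }'
}

# Print the change for review. The old rule {1} (shadowLastChange, "by * read")
# stays in place but is shadowed: the first rule matching an attribute wins.
build_acl_ldif "$DB_DN" "$ADMIN_DN" "$PW_ATTRS"

# To apply (assumption: run as root on the LDAP server, SASL EXTERNAL over ldapi):
#   build_acl_ldif "$DB_DN" "$ADMIN_DN" "$PW_ATTRS" > acl.ldif
#   ldapmodify -Y EXTERNAL -H ldapi:/// -f acl.ldif
```

The final `by * none` keeps the password hashes unreadable to every other bound user, and the rule must stay ahead of any catch-all `to *` rule for it to take effect.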
 
