howto: ldap modify acl

# 1  
Old 10-29-2010

Hello guys,

I have an smb-ldap server on Ubuntu 10.04 server. I recently found that when an smb-ldap user SSHs into the server box and runs the smbldap-passwd command, there is the error below. root can run this command with no issues. I'd like users to be able to do the same.

Here is the error (it happens for all users):

Quote:
smbldap-passwd
Identity validation...
enter your UNIX password:
Changing UNIX and samba passwords for lee
New password:
Retype new password:
Failed to modify SMB password: Insufficient access at /usr/sbin/smbldap-passwd line 238, <STDIN> line 3.

The LDAP config for the ACL is:

Quote:
# {1}hdb, config
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=pdc
olcAccess: {0}to attrs=userPassword by dn="cn=admin,dc=pdc" write by anonymous auth by self write by * none
olcAccess: {1}to attrs=shadowLastChange by self write by * read
olcAccess: {2}to dn.base="" by * read
olcAccess:: ezN9dG8gKiBieSBkbj0iY249YWRtaW4sZGM9cGRjIiB3cml0ZSBieSAYWQg
olcLastMod: TRUE
olcRootDN: cn=admin,dc=pdc
olcRootPW: blah
olcRootPW: {crypt}64KIVblash
olcDbCheckpoint: 512 30
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcDbIndex: objectClass eq
olcDbIndex: cn eq
olcDbIndex: uidNumber eq
olcDbIndex: gidNumber eq
olcDbIndex: loginShell eq
olcDbIndex: uid eq
olcDbIndex: memberUid eq
olcDbIndex: uniqueMember eq
olcDbIndex: sambaSID eq
olcDbIndex: sambaPrimaryGroupSID eq
olcDbIndex: sambaGroupType eq
olcDbIndex: sambaSIDList eq
olcDbIndex: sambaDomainName eq
olcDbIndex: default sub

I saw on some forums people suggesting the ACL below:

Quote:
access to attrs=userPassword,shadowLastChange,shadowMax,sambaNTPassword,sambaLMPassword,sambaPwdLastSet,sambaPwdMustChange,sambaAcctFlags
by dn="cn=admin,dc=ultraelectron,dc=com" write
by anonymous auth
by self write
by * none
Will this be the correct ACL? If so, how do I modify the ACLs in LDAP?

Thanks

BTW: Has 'code / #' been removed from the thread tools? I only find 'quote', so I used that for highlighting my configuration in the thread.

Last edited by upengan78; 10-29-2010 at 11:57 AM.
# 2  
Old 11-23-2010
Turn debugging on (log level 256) and see what attribute it is trying to update. It might not be userPassword. I'm not familiar with using SMB with LDAP, but the logging would show you exactly what is wrong.
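One way to carry out both suggestions in this thread (the ACL from post #1 and the log level from post #2) against cn=config, as an added example that is not from the thread or from the smbldap-tools project. It assumes the suffix dc=pdc, the rootdn cn=admin,dc=pdc and the {1}hdb database quoted above, assumes the truncated {3} catch-all rule ends in "by * read", and uses uid=lee,ou=Users,dc=pdc only as a placeholder user DN.

```shell
#!/bin/sh
# Added example, not code from the thread: builds the two cn=config changes
# discussed above (an ACL letting users rewrite their own samba hashes, and
# olcLogLevel 256 so slapd logs which attributes each MOD touches).
# Why the error occurs: the quoted ACL grants "by self write" only on
# userPassword, so sambaNTPassword/sambaLMPassword fall through to the {3}
# catch-all, assumed here to end in "by * read" (the thread's copy is truncated).
SUFFIX="dc=pdc"
ADMIN="cn=admin,${SUFFIX}"
DB_DN="olcDatabase={1}hdb,cn=config"
# Attributes smbldap-passwd rewrites on a self-service change. Self write on
# sambaAcctFlags lets users edit their own account flags; drop it if the
# level-256 log shows smbldap-passwd never modifies it.
PW_ATTRS="userPassword,sambaNTPassword,sambaLMPassword,sambaPwdLastSet,sambaPwdMustChange,sambaAcctFlags"
# LDIF replacing the whole ordered olcAccess list. slapd uses the first "to"
# clause that matches, so this rule must precede the "to *" catch-all, and
# shadowLastChange keeps its own {1} rule so aging lookups stay readable.
# LDIF continuation lines start with one space, which slapd strips.
make_acl_ldif() {
    cat <<EOF
dn: ${DB_DN}
changetype: modify
replace: olcAccess
olcAccess: {0}to attrs=${PW_ATTRS}
  by dn="${ADMIN}" write
  by anonymous auth
  by self write
  by * none
olcAccess: {1}to attrs=shadowLastChange by self write by * read
olcAccess: {2}to dn.base="" by * read
olcAccess: {3}to * by dn="${ADMIN}" write by * read
EOF
}

# LDIF for post #2's suggestion: 256 = stats (each MOD logged with its
# attribute list); 128 adds per-rule ACL tracing if the stats line is not enough.
make_loglevel_ldif() {
    printf 'dn: cn=config\nchangetype: modify\nreplace: olcLogLevel\nolcLogLevel: 256\n'
}

# Commit an LDIF from stdin as root: on a stock Ubuntu slapd, ldapi:/// plus
# SASL EXTERNAL maps uid 0 to the cn=config administrator.
apply_ldif() { ldapmodify -Q -Y EXTERNAL -H ldapi:/// ; }

# Offline check of the running config: may a user DN (placeholder, e.g.
# uid=lee,ou=Users,dc=pdc) write its own sambaNTPassword? Prints ALLOWED/DENIED.
check_self_write() { slapacl -F /etc/ldap/slapd.d -D "$1" -b "$1" sambaNTPassword/write; }

# Stand-alone run prints both LDIFs for review; pipe into apply_ldif to commit.
make_acl_ldif; echo; make_loglevel_ldif
```

Run check_self_write before and after applying to confirm that the ACL change, not something else, is what fixes the "Insufficient access" result.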