Re: R: pwdReset problem in CentOS 7

[Date Prev][Date Next] [Thread Prev][Thread Next]

From: Michael Ströder <michael [at] stroeder.com>
To: nss-pam-ldapd-users [at] lists.arthurdejong.org
Subject: Re: R: pwdReset problem in CentOS 7
Date: Thu, 10 Jan 2019 01:11:56 +0100

On 1/9/19 10:11 PM, Arthur de Jong wrote:

On Mon, 2019-01-07 at 12:15 +0100, nsspamldapd12@iotti.biz wrote:
 From your logs:

nslcd: [e45d32] <authc="lux"> DEBUG: 
myldap_search(base="uid=lux,ou=Tecnici,ou=People,dc=test,dc=it", filter="(objectClass=*)")
nslcd: [e45d32] <authc="lux"> ldap_result() failed: Insufficient
access: Operations are restricted to
bind/unbind/abandon/StartTLS/modify password >

The problem here may be that the policy does not provide any grace
logins left but I'm not 100% sure.

With grace logins no more search operations by this user are allowed andthe diagnostic message returned by OpenLDAP seems to be pretty clear onthat.

So nslcd has to use the privileged connection specified withrootpwmoddn/rootpwmodpw to search for the user in this case.


Ciao, Michael.
--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
https://lists.arthurdejong.org/nss-pam-ldapd-users/

R: pwdReset problem in CentOS 7, nsspamldapd12
- Re: R: pwdReset problem in CentOS 7, Arthur de Jong
  - Re: R: pwdReset problem in CentOS 7, Michael Ströder
  - R: R: pwdReset problem in CentOS 7, nsspamldapd12
  - R: R: pwdReset problem in CentOS 7, nsspamldapd12

Prev by Date: Re: R: pwdReset problem in CentOS 7
Next by Date: R: R: pwdReset problem in CentOS 7
Previous by thread: Re: R: pwdReset problem in CentOS 7
Next by thread: R: R: pwdReset problem in CentOS 7