LDAP (slapd) authenticated user cannot modify self
Solution 1:
Lists of access directives are evaluated in the order they appear in
slapd.conf. When a <what> clause matches the datum whose access is
being evaluated, its <who> clause list is checked. When a <who> clause
matches the accessor's properties, its <access> and <control> clauses
are evaluated. Access control checking stops at the first match of the
<what> and <who> clause, unless otherwise dictated by the <control>
clause.
First matching <what> and <who> for attempt to change password is:
access to *
    by users read
If you move the 'access to *' clause to the end of the list it should work fine. Or just swap the order of "by users read" and "by self write".
ACLs are the most tricky part of OpenLDAP configuration, so read slapd.access(5)
carefully, and be sure that you completely understand how ACLs work before writing anything non-trivial.
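The first-match rule quoted above can be traced with a small model. This is an added example, not code from the original answer or from OpenLDAP. The DNs, the userPassword directive and the three rule lists are constructed assumptions, and only a few <what> and <who> forms are modelled.

```python
# Added example: simplified model of slapd's first-match ACL evaluation.
# Only "*" / attribute-list <what> and *, anonymous, users, self <who> are modelled.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

def who_matches(who, requester, target):
    """requester is the bound DN, or None for an anonymous bind."""
    if who == "*":
        return True
    if who == "anonymous":
        return requester is None
    if who == "users":
        return requester is not None
    if who == "self":
        return requester is not None and requester == target
    return False

def granted_level(acl, requester, target, attr):
    """Return the level given by the first matching <what> and <who>."""
    for what, by_clauses in acl:
        if what != "*" and attr not in what:
            continue                      # <what> does not match, try next directive
        for who, level in by_clauses:
            if who_matches(who, requester, target):
                return level              # default <control> is "stop"
        return "none"                     # implicit trailing "by * none"
    return "none"                         # implicit final "access to * by * none"

def can(acl, requester, target, attr, wanted):
    got = granted_level(acl, requester, target, attr)
    return LEVELS.index(got) >= LEVELS.index(wanted)

# Constructed sample data (assumed, not the asker's configuration).
ALICE = "uid=alice,ou=people,dc=example,dc=com"
BOB = "uid=bob,ou=people,dc=example,dc=com"
PW_RULE = (("userPassword",), [("self", "write"), ("anonymous", "auth")])
BROKEN = [("*", [("users", "read"), ("self", "write")]), PW_RULE]
SWAPPED = [("*", [("self", "write"), ("users", "read")]), PW_RULE]
MOVED = [PW_RULE, ("*", [("users", "read")])]

if __name__ == "__main__":
    for name, acl in (("broken", BROKEN), ("swapped", SWAPPED), ("moved", MOVED)):
        print(name, "self:", granted_level(acl, ALICE, ALICE, "userPassword"),
              "other:", granted_level(acl, BOB, ALICE, "userPassword"))
```

In this model the swapped ordering still gives every authenticated user read on other entries' userPassword, while the moved ordering returns none for them.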