Well, I've gotten authentication working for solaris 10 & FDS. (Thank you, everybody)
As root, I can change any user's password and that works. As a regular user, however, no luck:
-bash-3.00$ passwd passwd: Changing password for test passwd: Sorry, wrong passwd Permission denied
-bash-3.00$ passwd -r ldap passwd: Changing password for test passwd: Sorry, wrong passwd Permission denied -bash-3.00$
I've this aci:
(targetattr="carLicense ||description ||displayName ||facsimileTelephoneNumber ||homePhone ||homePostalAddress ||initials ||jpegPhoto ||labeledURL ||mail ||mobile ||pager ||photo ||postOfficeBox ||postalAddress ||postalCode ||preferredDeliveryMethod ||preferredLanguage ||registeredAddress ||roomNumber ||secretary ||seeAlso ||st ||street ||telephoneNumber ||telexNumber ||title ||userCertificate ||userPassword ||userSMIMECertificate ||x500UniqueIdentifier")(version 3.0; acl "Enable self write for common attributes"; allow (write) userdn="ldap:///self";)
Doesn't seem to be doing anything, even though userPassword is in there. Btw, in Linux, non-root users can change their passwords just fine!
I've also two of these ACIs which I got from Gary Tay's site:
(target="ldap:///dc=company,dc=com")(targetattr="userPassword")(version 3.0; acl LDAP_Naming_Services_proxy_password_read; allow (compare,search) userdn = "ldap:///cn=proxyagent,ou=profile,dc=company,dc=com";)
(targetattr = "cn||uid||uidNumber||gidNumber||homeDirectory||shadowLastChange||shadowMin||shadowMax||shadowWarning||shadowInactive||shadowExpire||shadowFlag||memberUid")(version 3.0; acl LDAP_Naming_Services_deny_write_access;deny (write) userdn = "ldap:///self";)
They seem to doing nothing either, i.e. removing them neither fixes nor breaks anything.
Nothing in server/client logs either...
Any ideas?
__________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com