directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kiran Ayyagari <kayyag...@apache.org>
Subject Re: Password Policy attribute pwdMinAge not working?
Date Wed, 21 Jan 2015 04:03:55 GMT
On Wed, Jan 21, 2015 at 8:26 AM, David Paulsen <dave.paulsen@kewill.com>
wrote:

> > > Thanks, Kiran. I was using the admin account to change the password.
> > > But, when I attempted to use the user account for which I'm changing
> the
> > > password (instead of the admin account), I get an
> > > INSUFFICIENT_ACCESS_RIGHTS error:
> > >
> > > LDAPException: Insufficient Access Rights (50) Insufficient Access
> > > Rights
> > >
> > are there any ACIs affecting the below mentioned entry?
> >
> > > LDAPException: Server Message: INSUFFICIENT_ACCESS_RIGHTS: failed
> for
> > > MessageType : MODIFY_REQUEST
> > > Message ID : 111
> > >     Modify Request
> > >         Object :
> 'uid=jguinn,ou=8300,ou=DVHead,dc=kewilltransport,dc=com
> > > '
> > >             Modification[0]
> > >                 Operation :  replace
> > >                 Modification
> > > userPassword: 0x48 0x69 0x54 0x68 0x65 0x72 0x65 0x32
> > > org.apache.directory.api.ldap.model.message.ModifyRequestImpl <at>
> 8ede0d34:
> > > null
> > > LDAPException: Matched DN:
> > >
> > >
> > >
> > >
> >
> Not that I know of. I did not specifically configure any ACIs for
> uid=jguinn,ou=8300,ou=DVHead,dc=kewilltransport,dc=com. Is there a way I
> can check for that? I would think that by default a user logged in to
>
see if the parent/root entry has any ACI applied

> LDAP as themselves would be able to change their password, correct?
>
>  yes



-- 
Kiran Ayyagari
http://keydap.com

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message