Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
1
Directory and Authentication / Re: LDAP "Domain Administrators" cannot modify any data
« on: September 24, 2017, 04:13:50 pm »
This is what I'm getting in the Samba log (with log level set to 10 in smb.conf). It appears that the user is successfully matched and authenticated, but I can't seem to get the "permissions" logged:
Code: [Select]
[2017/09/24 10:09:59.888122, 3] ../source4/auth/ntlm/auth.c:271(auth_check_password_send)
auth_check_password_send: Checking password for unmapped user [MYDOMAIN]\[ldap_admin_binder_01]@[(null)]
auth_check_password_send: mapped user is: [MYDOMAIN]\[ldap_admin_binder_01]@[(null)]
[2017/09/24 10:09:59.927131, 3] ../source4/auth/ntlm/auth.c:271(auth_check_password_send)
auth_check_password_send: Checking password for unmapped user [MYDOMAIN]\[testuser]@[(null)]
auth_check_password_send: mapped user is: [MYDOMAIN]\[testuser]@[(null)]
[2017/09/24 10:09:59.939212, 3] ../source4/smbd/service_stream.c:66(stream_terminate_connection)
Terminating connection - 'ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
[2017/09/24 10:09:59.939263, 3] ../source4/smbd/process_single.c:114(single_terminate)
single_terminate: reason[ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
2
Directory and Authentication / LDAP "Domain Administrators" cannot modify any data
« on: September 23, 2017, 03:06:27 pm »
So I've set up a new installation of the Zentyal 5 (5.0.9) directory server, and everything has been working fine so far.
Now, I want to build a simple PHP webpage that will allow the user to change their own password. I snagged my old code (which worked fine with OpenLDAP), put in the administrator credentials for binding (created a new user and assigned the built-in groups "Domain Admins" and "Schema Admins" to that user), and tested it out.
Turns out the password update part of the code (ldapmodify) cannot really modify anything, with it throwing out the error "50 - Insufficient access". Now I'm really confused on what to try next, because the account used should be an admin account with permission to change just about anything already.
Any ideas? Thanks!
Now, I want to build a simple PHP webpage that will allow the user to change their own password. I snagged my old code (which worked fine with OpenLDAP), put in the administrator credentials for binding (created a new user and assigned the built-in groups "Domain Admins" and "Schema Admins" to that user), and tested it out.
Turns out the password update part of the code (ldapmodify) cannot really modify anything, with it throwing out the error "50 - Insufficient access". Now I'm really confused on what to try next, because the account used should be an admin account with permission to change just about anything already.
Any ideas? Thanks!
Pages: [1]