Basically, I am at a point where users can log in properly, but they cannot change their password. Some info for troubleshooting:
-bash-3.00$ passwd
Changing password for user test.
Enter login(LDAP) password:
New UNIX password:
Retype new UNIX password:
LDAP password information update failed: Can't contact LDAP server
passwd: Permission denied
And in the client log I have:
passwd[29686]: pam_ldap: ldap_modify_s Insufficient access
My actual slapd.conf access section:
access to * by * read
access to attr=userPassword by anonymous auth by self write by * none
In the order they are, these two rules have the effect "access to everything by anybody is read-only".
You need to reverse the order of these two rules. Slapd stops parsing access rules as soon as it finds the first match. What you want is:
access to attr=userPassword ...
access to * ...
-- Aleksandar Milivojevic <amilivojevic@xxxxxx> Pollard Banknote Limited Systems Administrator 1499 Buffalo Place Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
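
Added example, not part of the original thread and not OpenLDAP code: a simplified Python model of the first-match evaluation described in the reply, run over the two rules from the posted slapd.conf in both orders. It shows why the original order denies the self-service password change and also leaves userPassword readable by anyone. Assumptions: only the `*`, `anonymous` and `self` who-clauses are modelled, and the DN is constructed.

```python
# Simplified model of slapd.conf ACL evaluation (illustrative, not OpenLDAP code).
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

# Each rule: (attribute it applies to, or "*" for everything, [(who, level), ...])
ORIGINAL = [
    ("*", [("*", "read")]),
    ("userPassword", [("anonymous", "auth"), ("self", "write"), ("*", "none")]),
]
REORDERED = [ORIGINAL[1], ORIGINAL[0]]  # specific rule first, catch-all last


def who_matches(who, bound_dn, target_dn):
    """bound_dn is None for an anonymous (unauthenticated) connection."""
    if who == "*":
        return True
    if who == "anonymous":
        return bound_dn is None
    if who == "self":
        return bound_dn is not None and bound_dn == target_dn
    return False


def granted_level(rules, attr, bound_dn, target_dn):
    for what, by_clauses in rules:
        if what not in ("*", attr):
            continue
        # The first matching "access to" rule decides; later rules are never consulted.
        for who, level in by_clauses:
            if who_matches(who, bound_dn, target_dn):
                return level
        return "none"  # implicit "by * none" at the end of every rule
    return "none"      # implicit final "access to * by * none"


def allowed(rules, attr, wanted, bound_dn, target_dn):
    got = granted_level(rules, attr, bound_dn, target_dn)
    return LEVELS.index(got) >= LEVELS.index(wanted)


if __name__ == "__main__":
    user = "uid=test,ou=People,dc=example,dc=com"  # constructed DN
    for name, rules in (("original", ORIGINAL), ("reordered", REORDERED)):
        print(name,
              "| self write userPassword:", allowed(rules, "userPassword", "write", user, user),
              "| anonymous read userPassword:", allowed(rules, "userPassword", "read", None, user))
```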