New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cannot update your password. Insufficient access: Insufficient 'write' privilege to the 'userPassword' attribute of entry '<DN-NAME-HERE>'. #48
Comments
Привет.
Посмотреть выданные юзеру привелегии можно в веб интерфейсе. |
Привет Владимир!
Да я проверил конечно прежде чем писать. Но сейчас ещё раз перепроверю на
всякий случай.
Спасибо!
Евгений
…On Fri., Jan. 8, 2021, 5:37 a.m. Vladimir Buyanov ***@***.***> wrote:
Привет.
Проверь, что у тебя выполнены шаги:
ipa role-add "Self Password Reset"
ipa role-add-member "Self Password Reset" --users="ldap-passwd-reset"
ipa role-add-privilege "Self Password Reset" --privileges="Modify Users and Reset passwords"
ipa role-add-privilege "Self Password Reset" --privileges="Password Policy Readers"
ipa role-add-privilege "Self Password Reset" --privileges="Kerberos Ticket Policy Readers"
ipa permission-mod "System: Change User password" --includedattrs="krbloginfailedcount"
Посмотреть выданные юзеру привелегии можно в веб интерфейсе.
У приведегии "Modify Users and Reset passwords" должно быть право записи в
поле userPassword (по дефолту оно есть).
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#48 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AEDDD7VAYIZUD75JK47VD73SY4DDJANCNFSM4VT5S7WA>
.
|
Привет, это сообщение появляется при попытке сменить пароль юзеру, состоящему в группе "admins". Обычных юзеров это не затрагивает. |
translated the last comment "Hi, this message appears when you try to change the password for a user who is a member of the "admins" group. This does not affect regular users.". Indeed this seems to be the issue at my case, because i get the same error message |
Getting the below error message on reset page:
Cannot update your password. Insufficient access: Insufficient 'write' privilege to the 'userPassword' attribute of entry ''.
Adding user to "ldap-passwd-reset" to the "admins" FreeIPA group helps to solve the issue, but I don't want to leave it permanently over there.
CentOS Linux release 7.9.2009 (Core)
$ ipa --version
VERSION: 4.6.8, API_VERSION: 2.237
The latest version of the freeipa-password-reset as of Jan 4th, 2021
The text was updated successfully, but these errors were encountered: