pwm change ldap user's password error


oylf...@gmail.com

Jan 9, 2014, 10:35:57 AM
to pwm-g...@googlegroups.com
Hello,

Does anyone have any idea about the error below, which I got when using PWM to update the user password:

~~~~
Unexpected error. If this error occurs repeatedly please contact your helpdesk. { 5015 ERROR_UNKNOWN (error setting password for user 'cn=Lingfei Ouyang,ou=people,dc=abb,dc=com'' [LDAP: error code 50 - Insufficient Access Rights]) }
~~~~

Thanks
Ling

Jason Rivard

Jan 9, 2014, 12:40:51 PM
to pwm-general
Just a crazy guess, but I guess your proxy user has insufficient access rights.




hofman...@gmail.com

Jan 10, 2014, 2:32:47 AM
to pwm-g...@googlegroups.com, oylf...@gmail.com
Check the grants for your proxy user?

Which is your proxy user: the domain administrator or a user of its own?

The password change would be done with the access rights of the logon user, in this example "Lingfei Ouyang". This user must have grants to write something to the LDAP schema attributes.

lingfei ouyang

Jan 10, 2014, 10:37:22 AM
to hofman...@gmail.com, pwm-g...@googlegroups.com
Thanks Hofmann,

As I read the PWM admin guide, it looks like I need to update slapd.conf for OpenLDAP integration, and I also updated the pwm.schema file per this: https://docs.google.com/document/d/1BBHPcOUxZytrqncYFInTaY2PXgW5p1EmzwV8zcpspRg/edit#

After I updated that information, I can no longer log in to PWM using my ID.

Below is the new error I got:

~~~~
The username or password is not valid. Please try again. { 5001 ERROR_WRONGPASSWORD (ldap error during password check: unable to create connection: unable to bind to ldap://localhost:389 as cn=Lingfei Ouyang,ou=people,dc=abb,dc=com reason: [LDAP: error code 49 - Invalid Credentials]) }
~~~~

Thanks
Ling



lingfei ouyang

Jan 10, 2014, 12:07:08 PM
to hofman...@gmail.com, pwm-g...@googlegroups.com
Hello Hofmann,

Here is the screenshot for health status:

[Inline image 1]

Everything looks fine, but it just won't let me log in as the LDAP user, and below is the error screenshot that I got:

[Inline image 2]

So do you know how to solve this?

Thanks
Ling

hofman...@gmail.com

Jan 10, 2014, 3:32:41 PM
to pwm-g...@googlegroups.com, oylf...@gmail.com
Please post some lines from catalina.out and the advanced view of your LDAP configuration.

What kind of LDAP do you use: OpenLDAP, FreeIPA, Oracle Directory, or Microsoft Active Directory?


sylvest...@gmail.com

Nov 10, 2017, 3:38:49 PM
to pwm-general


Had similar issue with the error 50.

Created /etc/openldap/addPwdAccess.ldif with:


~~~~
# Continuation lines start with whitespace so each olcAccess value is one folded LDIF line.
dn: olcDatabase={2}bdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to attrs=userPassword
  by self write
  by anonymous auth
  by dn.base="cn=sysaccount,dc=puppet,dc=com" write
  by * none
olcAccess: {1}to *
  by self write
  by dn.base="cn=sysaccount,dc=puppet,dc=com" write
  by * read
~~~~

Then we pushed it to the ldif...

~~~~
ldapmodify -QY EXTERNAL -H ldapi:/// -f addPwdAccess.ldif
~~~~
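
A simplified model of how the two olcAccess rules in the post above resolve, as an added example that is not part of the original thread and is not PWM or OpenLDAP code: the first matching `to` clause is selected, then the first matching `by` clause sets the access level. It assumes only the forms used in that LDIF (`attrs=`, `*`, `self`, `anonymous`, `dn.base`); the function names are hypothetical, and any bind or entry DN other than the sysaccount is a constructed sample.

```python
import re

# OpenLDAP access levels, lowest to highest; each level implies those below it.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

# Constructed input: the two olcAccess values from the post, LDIF lines unfolded.
RULES = [
    '{0}to attrs=userPassword by self write by anonymous auth '
    'by dn.base="cn=sysaccount,dc=puppet,dc=com" write by * none',
    '{1}to * by self write by dn.base="cn=sysaccount,dc=puppet,dc=com" write by * read',
]

def parse(rule):
    """Split one olcAccess value into (what, [(who, level), ...])."""
    body = re.sub(r"^\{\d+\}", "", rule)          # drop the {n} ordering prefix
    what, *clauses = re.split(r"\s+by\s+", body)
    return what[len("to "):].strip(), [tuple(c.rsplit(None, 1)) for c in clauses]

def who_matches(who, bind_dn, entry_dn):
    """bind_dn is None for an anonymous (unauthenticated) connection."""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if who == "self":
        return bind_dn is not None and bind_dn.lower() == entry_dn.lower()
    m = re.fullmatch(r'dn\.base="(.*)"', who)
    return bool(m) and bind_dn is not None and bind_dn.lower() == m.group(1).lower()

def granted(rules, bind_dn, entry_dn, attr):
    """Level granted to bind_dn on entry_dn's attr under this simplified model."""
    for what, clauses in map(parse, rules):
        if what != "*" and attr.lower() not in what[len("attrs="):].lower().split(","):
            continue                               # this 'to' clause does not cover attr
        for who, level in clauses:
            if who_matches(who, bind_dn, entry_dn):
                return level                       # first matching 'by' wins
        return "none"                              # implicit trailing "by * none"
    return "none"                                  # no 'to' clause matched

def allowed(rules, bind_dn, entry_dn, attr, want):
    """True if the granted level is at least the requested one."""
    return LEVELS.index(granted(rules, bind_dn, entry_dn, attr)) >= LEVELS.index(want)
```

A bind DN that is neither the entry itself nor the listed sysaccount falls through to `by * none` on userPassword, so a PWM proxy user missing from rule {0} cannot write the password. Rule {1} also lets every user write all of their own attributes, which is worth reviewing before reusing this ACL as is.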
