Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Mar 4 07:27:11 client-desktop nslcd[3198]: [90cde7] <authc="johndoe"> ldap_result() failed: Insufficient access: Operations are restricted to bind/unbind/abandon/StartTLS/modify password
- Mar 4 07:27:11 client-desktop nslcd[3198]: [dcc233] <authc="johndoe"> cn=John Doe,ou=people,cd=domain,dc=com: lookup failed: Invalid credentials
- # John Doe, people, domain.com
- dn: cn=John Doe,ou=people,dc=domain,dc=com
- cn: John Doe
- sn: Doe
- objectClass: top
- objectClass: person
- objectClass: posixAccount
- objectClass: shadowAccount
- uid: johndoe
- uidNumber: 1003
- gidNumber: 1000
- homeDirectory: /home/johndoe
- loginShell: /bin/bash
- userPassword: e1NTSEF9VWFSMDVsSGNIWFMxcnJ5VzBtaWRkOHFmTDE1ai9RYlQ=
- pwdReset: TRUE # This attribute only appears if I explicitly request it
- # policies, domain.com
- dn: ou=policies,dc=domain,dc=com
- objectClass: top
- objectClass: organizationalUnit
- ou: policies
- pwdInHistory: 3
- pwdLockout: TRUE
- pwdMaxFailure: 3
- pwdLockoutDuration: 30
- pwdMustChange: TRUE
- pwdSafeModify: FALSE
- pwdAllowUserChange: TRUE
- pwdFailureCountInterval: 0
- pwdGraceAuthNLimit: 0
- # {1}hdb, config
- dn: olcDatabase={1}hdb,cn=config
- objectClass: olcDatabaseConfig
- objectClass: olcHdbConfig
- olcDatabase: {1}hdb
- olcDbDirectory: /var/lib/ldap
- olcSuffix: dc=domain,dc=com
- olcAccess: {0}to attrs=userPassword by self write by * auth
- olcAccess: {1}to attrs=shadowLastChange by self write by * read
- olcAccess: {2}to attrs=userPKCS12 by self read by * none
- olcAccess: {3}to * by * read
- olcRootDN: cn=admin,dc=domain,dc=com
- olcRootPW: {SSHA}############## omited
- olcDbCacheSize: 10000
- olcDbCheckpoint: 1024 5
- olcDbConfig: {0}set_cachesize 0 15000000 1
- olcDbConfig: {1}set_lg_regionmax 262144
- olcDbConfig: {2}set_lg_bsize 2097152
- olcDbConfig: {3}set_flags DB_LOG_AUTOREMOVE
- olcDbConfig: {4}set_lk_max_locks 30000
- olcDbConfig: {5}set_lk_max_objects 30000
- olcDbIDLcacheSize: 30000
- olcDbIndex: objectclass eq
- [...more indexes...]
- # {0}ppolicy, {1}hdb, config
- dn: olcOverlay={0}ppolicy,olcDatabase={1}hdb,cn=config
- objectClass: top
- objectClass: olcConfig
- objectClass: olcOverlayConfig
- objectClass: olcPPolicyConfig
- olcOverlay: {0}ppolicy
- olcPPolicyDefault: cn=default,ou=policies,dc=domain,dc=com
- olcPPolicyHashCleartext: TRUE
- olcPPolicyUseLockout: FALSE
- olcPPolicyForwardUpdates: FALSE
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement