0

I manage two server master and slave in my Open Ldap. I have configured my ldap for permit to change User password in the slave. The slave is replicate in master, but I have this issue in response by master server when I use ldappasswd:

Result: Proxied Authorization Denied (123)
Additional info: not authorized to assume identity

Can you help me?

Brian Tompsett - 汤莱恩
  • 5,753
  • 72
  • 57
  • 129
lapd.conf
  • 1
  • 2
  • You seem to have this back to front. The master is replicate to the slave. Not the other way around. Updates should be applied at the master, not at the slave. – user207421 Apr 12 '16 at 12:27

1 Answers1

0

I don't think this has anything to do with your replication topology. It seems like you're using ldappasswd to update a user's password binding as a different user.

There are typically to ways of updating a user's password:

  • Users can update their own password.
  • An admin user can update the user's password (your case). In this scenario the admin should assume the identity of the user before updating the password. This is called Proxied Authorization.

If you want to use the Proxied Authorization control you first need to make sure that the admin user has privileges to use such control. Looks like your admin user does't have permission to use the Proxied Auth control.

This answer explains how to enable Proxied Auth. Hope this helps.

Community
  • 1
  • 1
Guillermo R
  • 623
  • 4
  • 8