[Samba] client specific debug log for ldap

lists lists at merit.unu.edu
Tue Jan 10 14:05:19 UTC 2017


I am trying to debug an ldaps client that we would like use to change
passwords for end-users. Currently this is failing with this:
> [LDAP: error code 50 - error in module acl: insufficient access
> rights during LDB_MODIFY (50)]; remaining name 'CN=ted t.
> test,CN=Users,DC=samba,DC=company,DC=com'

 From what we understand, there are two ways to change a password:
A) as an admin-user with a replace operation
B) as an end-user with a delete and an add operation

To debug why my client application does not work, I configured loglevel
10 for that specific IP, according to the client specific logging on the 

HOWEVER... that does not seem to work for ldap access! :-(

Is there a way to have debug level logs for ldap traffic coming from a
specific ip, while keeping the rest a a normal level?

Or perhaps set ldap logging to 10, while keeping the rest down?

And as a side-question: do we need to configure anything special, to
allow end-users to change their passwords?

Best regards,

More information about the samba mailing list