Re: How To set things up to allow users to change their passwords

5 Dec 2009


      Robert Heller wrote:
...
At Sat, 05 Dec 2009 09:12:46 +0100 "Dieter Kluenter" dieter@dkluenter.de wrote:
...
Robert Heller heller@deepsoft.com writes:
...
I have Openldap set up on a CentOS 5 system (using the stock 2.3.43
RPMS) and I want to allow users to change their passwords, but I am
confused by the documentation (it has both too much and not enough
information -- there don't appear to be simple HowTos for common setups).
http://www.openldap.org/doc/admin24/slapdconfig.html
 see section 6.3
OK, I have set this up, and with some poking around I have gained a
better unterstanding of what is going on.  I have another question:
In the sample config it has an access control list that looks like:
access to attrs=userPassword
   by self write
   by anonymous auth
   by dn.base="cn=Admin,dc=example,dc=com" write
   by * none
Where does the password for "cn=Admin,dc=example,dc=com" exist?  Is this
something a add to slapd.config or insert into the database or ???
Evening,
-- SNIP ---
# cat /etc/openldap/slapd.conf
...
rootdn		"cn=Manager,dc=domain,dc=tld"
rootpw		{SSHA}blahBlahHash
-----------
Regards,
Zdenek
-- 
Zdenek Styblik
Net/Linux admin
OS TurnovFree.net
email: stybla@turnovfree.net
jabber: stybla@jabber.turnovfree.net

>>> I am not sure what to put in /etc/openldap/slapd.conf (I think I need an
>>> ACL).  I expect I need something in /etc/openldap/ldap.conf (or
>>> prossibly /etc/ldap.conf) to allow the authorization.  This is on a LAN
>>> with diskless clients, behind a firewall, so I *probably* don't need to
>>> set up SSL and certs (but I am unsure of this as well).
>> Get your system running first, than you may decide to install
>> transport layer security.
>>
>> -Dieter
>>
>

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

Re: How To set things up to allow users to change their passwords