At Sat, 05 Dec 2009 18:29:55 +0100 Zdenek Styblik stybla@turnovfree.net wrote:
Robert Heller wrote:
At Sat, 05 Dec 2009 09:12:46 +0100 "Dieter Kluenter" dieter@dkluenter.de wrote:
Robert Heller heller@deepsoft.com writes:
I have Openldap set up on a CentOS 5 system (using the stock 2.3.43 RPMS) and I want to allow users to change their passwords, but I am confused by the documentation (it has both too much and not enough information -- there don't appear to be simple HowTos for common setups).
http://www.openldap.org/doc/admin24/slapdconfig.html see section 6.3
OK, I have set this up, and with some poking around I have gained a better unterstanding of what is going on. I have another question:
In the sample config it has an access control list that looks like:
access to attrs=userPassword by self write by anonymous auth by dn.base="cn=Admin,dc=example,dc=com" write by * none
Where does the password for "cn=Admin,dc=example,dc=com" exist? Is this something a add to slapd.config or insert into the database or ???
Evening,
-- SNIP --- # cat /etc/openldap/slapd.conf ... rootdn "cn=Manager,dc=domain,dc=tld" rootpw {SSHA}blahBlahHash
It already has a rootdn/rootpw, much like the sample one (in section 6.3) for 'cn=Manager,dc=example,dc=com', the sample slapd.config has this also. The slapd.config in section 6.3 *ALSO* refers to the DN "cn=Admin,dc=example,dc=com", which is *PRESUMABLY* separate from "cn=Manager,dc=example,dc=com". How do a specify a password for this *OTHER* DN? Or is the slapd.conf in section 6.3 just being gratiously confusing for no good reason? I understand that the rootdn was write access to everything, no matter what the ACLs say. I presuming that the ACL with "cn=Admin,dc=example,dc=com" is to allow someone else access to updating accounts. How do I set this other person's password? Is this in the database, slapd.conf or ldap.conf or someplace else?
Regards, Zdenek