On Sat, 2009-12-05 at 12:09 -0500, Robert Heller wrote:
> At Sat, 05 Dec 2009 09:12:46 +0100 "Dieter Kluenter" <[email protected]>
> wrote:
>
> >
> > Robert Heller <[email protected]> writes:
> >
> > > I have Openldap set up on a CentOS 5 system (using the stock 2.3.43
> > > RPMS) and I want to allow users to change their passwords, but I am
> > > confused by the documentation (it has both too much and not enough
> > > information -- there don't appear to be simple HowTos for common setups).
> >
> > http://www.openldap.org/doc/admin24/slapdconfig.html
> > see section 6.3
>
> OK, I have set this up, and with some poking around I have gained a
> better understanding of what is going on. I have another question:
>
> In the sample config it has an access control list that looks like:
>
> access to attrs=userPassword
>         by self write
>         by anonymous auth
>         by dn.base="cn=Admin,dc=example,dc=com" write
>         by * none
>
> Where does the password for "cn=Admin,dc=example,dc=com" exist? Is this
> something I add to slapd.config or insert into the database or ???

Admin password can be mentioned at rootpw in slapd.conf.

~Chamith

> > > I am not sure what to put in /etc/openldap/slapd.conf (I think I need an
> > > ACL). I expect I need something in /etc/openldap/ldap.conf (or
> > > possibly /etc/ldap.conf) to allow the authorization. This is on a LAN
> > > with diskless clients, behind a firewall, so I *probably* don't need to
> > > set up SSL and certs (but I am unsure of this as well).
> >
> > Get your system running first, then you may decide to install
> > transport layer security.
> >
> > -Dieter
