At Sat, 05 Dec 2009 18:29:55 +0100 Zdenek Styblik <[email protected]> wrote:
>
> Robert Heller wrote:
> > At Sat, 05 Dec 2009 09:12:46 +0100 "Dieter Kluenter" <[email protected]>
> > wrote:
> >
> >> Robert Heller <[email protected]> writes:
> >>
> >>> I have Openldap set up on a CentOS 5 system (using the stock 2.3.43
> >>> RPMS) and I want to allow users to change their passwords, but I am
> >>> confused by the documentation (it has both too much and not enough
> >>> information -- there don't appear to be simple HowTos for common setups).
> >> http://www.openldap.org/doc/admin24/slapdconfig.html
> >> see section 6.3
> >
> > OK, I have set this up, and with some poking around I have gained a
> > better understanding of what is going on. I have another question:
> >
> > In the sample config it has an access control list that looks like:
> >
> >     access to attrs=userPassword
> >         by self write
> >         by anonymous auth
> >         by dn.base="cn=Admin,dc=example,dc=com" write
> >         by * none
> >
> > Where does the password for "cn=Admin,dc=example,dc=com" exist? Is this
> > something I add to slapd.config or insert into the database or ???
> >
>
> Evening,
>
> -- SNIP ---
> # cat /etc/openldap/slapd.conf
> ...
> rootdn "cn=Manager,dc=domain,dc=tld"
> rootpw {SSHA}blahBlahHash

It already has a rootdn/rootpw, much like the sample one (in section
6.3) for 'cn=Manager,dc=example,dc=com', the sample slapd.config has
this also.

The slapd.config in section 6.3 *ALSO* refers to the DN
"cn=Admin,dc=example,dc=com", which is *PRESUMABLY* separate from
"cn=Manager,dc=example,dc=com". How do I specify a password for this
*OTHER* DN? Or is the slapd.conf in section 6.3 just being gratuitously
confusing for no good reason?

I understand that the rootdn has write access to everything, no matter
what the ACLs say. I am presuming that the ACL with
"cn=Admin,dc=example,dc=com" is to allow someone else access to updating
accounts. How do I set this other person's password? Is this in the
database, slapd.conf or ldap.conf or someplace else?

> -----------
>
> Regards,
> Zdenek
>

--
Robert Heller             -- 978-544-6933
Deepwoods Software        -- Download the Model Railroad System
http://www.deepsoft.com/  -- Binaries for Linux and MS-Windows
[email protected]       -- http://www.deepsoft.com/ModelRailroadSystem/
