
Antwort: Re: Antwort: Re: Changing User Password with ldappasswd



Ok, I thought the rootpw directive only applies when using the rootdn
(-D "cn=Admin, ...) and by issuing an access control directive with
"access to userpassword by self write" I could make everybody change their
user passwords without issuing the ldap password.

So how could I prevent a normal user from using -D "cn=Admin, ..." and
destroying my ldap db (for I have to tell him the ldap password as you
pointed out)?

Or how can I configure ldap to use each user's old userpassword as the ldap
password when using "ldappasswd"?

regards,
Thomas

P.S. I just got Dejan's answer and it seems that I am using quite an old
version of openldap (1.2.11). I'll give it a try and install the latest
version.




Daniel Tiefnig <openldap@qmail.infonova.at>@OpenLDAP.org on 2002-01-30 16:24:00

Please reply to Daniel Tiefnig <daniel.tiefnig@infonova.at>

Sent by:     owner-openldap-software@OpenLDAP.org

To:    openldap-software@OpenLDAP.org
Cc:
Bcc:
Subject: Re: Antwort: Re: Changing User Password with ldappasswd


 wrote...:

> Hello Dejan,
>
> sorry, but this did not work (first I dropped the -W because I
> DON'T want the user to enter the ldap password)

hmm.. and you really think, you can bind to the ldap server as user
"user" _without_ specifying its password..? think again..

> When I issue
>
> ldappasswd -D 'cn=user, o=my organization, c=D' (either with or
> without the filter "uid=userid")
>
> I get an "insufficient access" message.

of course. you'll have to bind as a user with write access to the
userpassword attribute with username _and_ password. no way out. (except
allowing anonymous write, but you _don't_ want that..)


daniel
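
Added example, not part of the original messages: a slapd.conf fragment that lets each entry change its own userPassword after binding with its current password, so the rootdn password never has to be handed out. It assumes OpenLDAP 2.x ACL syntax and the 2.x ldappasswd client options (the 1.2.11 release mentioned in the thread predates both); the DN is the one quoted in the thread and the rootpw value is a placeholder.

```conf
# slapd.conf fragment (OpenLDAP 2.x syntax; added example, not from the thread).
# ACLs are evaluated in order and the first matching "access to" clause wins,
# so the userPassword rule must come before the catch-all rule.

# Keep the rootdn password hashed and private; ordinary users never need it.
# Generate the value with slappasswd. Placeholder below, not a real hash:
rootpw          {SSHA}REPLACE_WITH_SLAPPASSWD_OUTPUT

# userPassword:
#   self      - the bound entry may overwrite its own password
#   anonymous - may only use the value to authenticate; without this
#               a simple bind with DN and password cannot succeed
#   *         - everyone else gets nothing, so stored hashes are not readable
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none

# Everything else is read-only for clients. The rootdn is not subject to
# ACLs, which is why its password must stay with the administrator.
access to *
        by * read

# Client side: the user binds as their own DN, is prompted for the current
# password (-W) and then for the new one (-S); -x selects a simple bind.
#
#   ldappasswd -x -D 'cn=user, o=my organization, c=D' -W -S
```

Dropping `-W` makes the client attempt the bind without a password, which the server treats as anonymous, and the `by anonymous auth` clause then yields the "insufficient access" result quoted above.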