[Date Prev][Date Next] [Chronological] [Thread] [Top]

Using LDAP as a replacement for NIS/NIS+

I am currently trying to implement a testbed system with RedHat Linux 6.2
using OpenLDAP along with the nss_ldap and nss_pam packages from PADL
Software as an alternative to the NIS+ directory service. I have found
application specific documentation sparse in this area.  The docs that
come with the PADL packages pretty much only cover migrating things to
LDAP, but don't cover day-to-day user administration.

I have a few questions regarding this application of LDAP:

1. How do I configure my slapd.conf so that users can change their own
passwords, GECOS fields, etc., without allowing them to do so for
everybody else on the system.  The examples given in all of the
documentation i have read don't seem to work.  I get an error such as:

$ ldappasswd -E uid=<username>
Enter password:
Re-enter new password:
ldap_modify: Insufficient access

If I simply say 'ldappasswd -E' it acts as though it changes the password
without error, but when I try to log in with the new password, it doesn't
allow me to do so.  I can still log in fine with my old password, however.

2. Has there been anybody write a suite of user management tools to work
along with LDAP?  Using the standard 'useradd' and 'userdel' utilities
only work with the local /etc/passwd files, and '/bin/passwd' doesn't work
as expected either.  However, I have noticed that '/bin/passwd' will
change the user's password in the LDAP database, but it shows up in the
database as plaintext instead of being encrypted.

Any help will be greatly appreciated.


Jeff Workman                    | [End of diatribe.  We now return you to your 
UNIX System Administrator       | regularly scheduled programming...] 
Gibralter Publishing            |  
(910) 455-6446 ext. 3034        | -- Larry Wall, in "Configure" from the
http://www.gibralter.com        |    perl distribution.