
passwd and permission user for ldapsearch



We've installed and configured LDAP (and the pam ldap module) for
authentication of linux passwords on our network. We've obtained success
on it.  But we would like to deny ldapsearch permission for regular users
of the network, so that they cannot see the encrypted string. How can we
do this? We changed the permissions of /usr/bin/ldapsearch to 700 and it
worked. But we think this is not secure because our users could get
another ldapsearch executable file (we're interested in limiting the
searches in the server side!).

Also, we would like to know how to configure the passwd program, so that
the user can change his/her own password on client machines and on the
server as well. We've configured /etc/pam.d/passwd as suggested by
the pam ldap module, but we can't change the passwords. When we execute
passwd, it writes:

[user@vega ~]# passwd
Current UNIX password:
New UNIX password:
Retype new UNIX password:
Enter login(LDAP) password:
New password:
Re-enter new password:
LDAP password information update failed: Insuficient access

At the "Current UNIX password" and "Enter login(LDAP) password" we enter
the current network password. At the "New UNIX password" and "New
password", we type the new password, as desired by the user.


Domingues, Joaquim, Bruno
Network Administrators