
Re: Adding administrators to LDAP



Thank you very much.  It works great now. I have looked at many man pages and
FAQs and have not come across this.  I've looked all over the OpenLDAP website
and have not seen anything regarding this.  Can you please let me know where
these FAQs are so that I can look there next time instead of asking questions
on the mailing list?   I'd appreciate it.

Thanks again,
Joe

Vetle Roeim <vetler@opera.com> said:

> * Joseph Hoot
> > I used ldapdelete and removed my sysadmin group that had the
> > objectClass=posixGroup.  I then added the sysadmin group again with the
> > objectclass=groupOfNames and added the dn for it in my ACL rules in
> > slapd.conf.  I then restart ldap, and since I was a 'member=
> > uid=jhoot,ou=people,dc=nowcom,dc=com' of cn=sysadmin, and tried to change
> > the password of another user.  The following is what I used to add the
> > sysadmin entry, what I used as my ACL, and finally what I used to try and
> > change the password for another user.
> > 
> > 
> > [jhoot@plastic scripts]$ ldapadd -D cn=manager,dc=nowcom,dc=com -W
> > Enter LDAP Password:
> > cn=sysadmin,ou=Group,dc=nowcom,dc=com
> > objectClass=groupOfNames
> > cn=sysadmin
> > member= uid=jhoot,ou=people,dc=nowcom,dc=com
> > member= uid=bbrookie,ou=people,dc=nowcom,dc=com
> > member= uid=ddimick,ou=people,dc=nowcom,dc=com 
> > 
> > 
> > # Allow the manager and user to change the user's password
> > access to attrs=userpassword
> >         by self write
> >         by dn="cn=Manager,dc=nowcom,dc=com" write
> >         by dn="cn=sysadmin,ou=Group,dc=nowcom,dc=com" write
> >         by * search
> > #       by anonymous auth
> 
> The above is wrong. It should be:
> 
>           by group="cn=sysadmin,ou=Group,dc=nowcom,dc=com" write
> 
> Btw; all this is in the FAQ, and I strongly suggest you read it.
> 
> 
> vr
> 



-- 
Joseph Hoot
System Administrator
http://www.networkpenguin.com
joe@networkpenguin.com
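
The difference between the two `by` clauses discussed in this thread, as an added slapd.conf example that is not part of the original messages. The DNs are the ones from the thread; the explicit `group/groupOfNames/member` form and the tighter `anonymous auth` / `* none` ending are additions for illustration.

```conf
# slapd.conf fragment (added example; DNs taken from the thread)

# Before: "by dn=" compares the client's bind DN with the DN given here.
# No client binds as cn=sysadmin,ou=Group,..., so a member such as
# uid=jhoot,ou=people,dc=nowcom,dc=com never matches this clause and
# falls through to "by * search".
#access to attrs=userpassword
#        by self write
#        by dn="cn=Manager,dc=nowcom,dc=com" write
#        by dn="cn=sysadmin,ou=Group,dc=nowcom,dc=com" write
#        by * search

# After: "by group=" reads the named entry and grants access when the
# bind DN is one of its member values. Writing the objectClass and
# attribute out (groupOfNames/member are the defaults) makes it clear
# which kind of group entry the rule expects.
access to attrs=userpassword
        by self write
        by dn="cn=Manager,dc=nowcom,dc=com" write
        by group/groupOfNames/member="cn=sysadmin,ou=Group,dc=nowcom,dc=com" write
        # Addition, not from the thread: "auth" lets anonymous clients bind
        # against the password, and "none" stops everyone else from
        # testing userpassword values with search filters.
        by anonymous auth
        by * none
```

A posixGroup stores its members in memberUid as login names rather than DNs, so it cannot be matched by a `by group=` clause, which needs a DN-valued membership attribute such as member.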