
Reply: Re: Changing User Password with ldappasswd



Hello Dejan,

sorry, but this did not work (first I dropped the -W because I DON'T want the
user to enter the ldap password)
The -S switch is unknown to my ldappasswd...

When I issue

ldappasswd -D 'cn=user, o=my organization, c=D' (either with or without the
filter "uid=userid")

I get an "insufficient access" message.

regards,
Thomas




"Dejan Muhamedagic" <dejan.muhamedagic@at.ibm.com> on 2002-01-30 14:46:02


To:      thomas.emde@scaleon.de
Cc:      openldap-software@OpenLDAP.org
Bcc:
Subject: Re: Changing User Password with ldappasswd

Hello,

You should use the user's DN and not the admin's DN:

ldappasswd -WS -D 'cn=user, o=my organization, c=D'

This way you'll bind to the server as the "user" and not as the admin.

Cheers.

Dejan

Sent by:        owner-openldap-software@OpenLDAP.org
To:     openldap-software@OpenLDAP.org
cc:
Subject:        Changing User Password with ldappasswd


Hello,

I try to change the attr userPassword of an ldap db entry being logged on as the
user represented by the entry itself.
So when a user enters "ldappasswd -W -D 'cn=Admin, o=my organization, c=D'
'uid=userid'" he is asked for the rootpw
and afterwards can successfully change his password. But this is not what I
intended because I don't want to tell my
users the rootpw of the ldap db.
My access control section in slapd.conf looks as follows:

access to dn=".*, o=my organization, c=D" attr=userPassword
        by self write
        by anonymous auth
        by dn="cn=Admin,o=my organization, c=D" write
        by * none

I understood that by specifying "...by self write..." every user who is
represented by a ldap entry should be able to modify
his attr userPassword WITHOUT having to know the rootpw.
Is this wrong? How can I get around with this?

best regards,
Thomas
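
A simplified model of how the "by" clauses of the access directive quoted above are evaluated (the first matching clause decides), showing the access level each kind of bound identity receives on userPassword. This is an added example, not part of the thread and not slapd code; the function names, the naive DN normalization, and the assumption that the target entry falls under the directive's dn pattern are illustrative.

```python
# Model of the thread's ACL on attr=userPassword. Not slapd's implementation.
# Access levels in increasing order, as used by slapd.conf "by" clauses.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

ADMIN_DN = "cn=Admin,o=my organization, c=D"

# (who, access) pairs in the order they appear in the posted slapd.conf.
BY_CLAUSES = [
    ("self", "write"),
    ("anonymous", "auth"),
    ("dn:" + ADMIN_DN, "write"),
    ("*", "none"),
]

def norm(dn):
    # Assumption: lowercase and trim around commas is enough to compare the
    # sample DNs; real DN normalization handles escaping and more.
    return ",".join(part.strip().lower() for part in dn.split(","))

def granted_level(bound_dn, target_dn):
    """Return the level of the first matching "by" clause.

    bound_dn is None for a session that is not authenticated (anonymous).
    """
    for who, level in BY_CLAUSES:
        if who == "self":
            match = bound_dn is not None and norm(bound_dn) == norm(target_dn)
        elif who == "anonymous":
            match = bound_dn is None
        elif who.startswith("dn:"):
            match = bound_dn is not None and norm(bound_dn) == norm(who[3:])
        else:  # "*" matches every requester
            match = True
        if match:
            return level  # evaluation stops at the first matching clause
    return "none"

def may_write_password(bound_dn, target_dn):
    # Changing userPassword needs write access to the attribute.
    level = granted_level(bound_dn, target_dn)
    return LEVELS.index(level) >= LEVELS.index("write")
```

In this model only a session authenticated as the entry's own DN or as the Admin DN reaches "write"; an anonymous session stops at "auth", which is enough to bind but not to modify the attribute.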