[Date Prev][Date Next]
Re: Antwort: Re: Changing User Password with ldappasswd
The thing works that way with my openldap 2.0.14 server and clients. If
you have another client, then you'd consult the man page. BTW, the "-S"
option instructs the program to ask the user to provide a new password in
a way similar to passwd(1). It's only a bit confusing that ldappasswd
asks for the bind password (i.e. the old one) at the end.
For what reason you don't want users to enter their password from the
terminal (i.e. not on the command line)? Anyway, if user wants to change
his password, he _must_ to provide it in some way, either by typing it
interactively or supplying it on the command line. For invoking
ldappasswd means creating a new (and unrelated) connection to the server.
BTW, I had to include "ou=People" in the name:
$ ldappasswd -D "uid=ldapuser,ou=People,<the base dn>"
but that depends on your ldap directory structure.
Hope this helps.
To: Dejan Muhamedagic/Austria/Contr/IBM@IBMAT
Subject: Antwort: Re: Changing User Password with ldappasswd
sorry, but this did not work (first I dropped the -W because I DON'T want
user to enter the ldap password)
The -S switch is unknown to my ldappasswd...
When I issue
ldappasswd -D 'cn=user, o=my organization, c=D' (either with our without
I get an "insufficient access" message.
"Dejan Muhamedagic" <firstname.lastname@example.org> on 2002-01-30 14:46:02
Thema: Re: Changing User Password with ldappasswd
You should use the user's DN and not the admin's DN:
ldappasswd -WS -D 'cn=user, o=my organization, c=D'
This way you'll bind to the server as the "user" and not as the admin.
Sent by: owner-openldap-software@OpenLDAP.org
Subject: Changing User Password with ldappasswd
I try to change the attr userPassword of an ldap db entry being logged on
user represented by the entry itself.
So when a user enters "ldappasswd -W -D 'cn=Admin, o=my organization, c=D'
'uid=userid'" he is asked for the rootpw
and afterwards can successfully change his password. But this is not what
intended because I don't want to tell my
users the rootpw of the ldap db.
my access control section in slapd.conf looks as follows:
access to dn=".*, o=my organization, c=D" attr=userPassword
by self write
by anonymous auth
by dn="cn=Admin,o=my organization, c=D" write
by * none
I understood that by specifying "...by self write..." every user who is
represented by a ldap entry should be able to modify
his attr userPassword WITHOUT having to know the rootpw.
Is this wrong? How can I get around with this?