[Date Prev][Date Next]
Antwort: Re: Antwort: Re: Changing User Password with ldappasswd
Ok, I thought the rootpw directive only applies when using the rootdn (-D
and by issuing an access control directive with "access to userpassword by self
write" I could
everybody make change their user passwords without issuing the ldap password.
So how could I prevent a normal user from using
-D "cn=Admin, ..." and destroying my ldap db (for I have to tell him the ldap
password as you pointed out)?
Or how can I configure ldap to use each user's old userpassword as the ldap
password when using "ldappasswd"?
P.S. I just got Dejan's answer and it seems that I am using quite an old version
of openldap (1.2.11). I'll give it a try
and install the latest version.
Daniel Tiefnig <email@example.com>@OpenLDAP.org on 2002-01-30 16:24:00
Bitte antworten an Daniel Tiefnig <firstname.lastname@example.org>
Gesendet von: owner-openldap-software@OpenLDAP.org
Thema: Re: Antwort: Re: Changing User Password with ldappasswd
> Hello Dejan,
> sorry, but this did not work (first I dropped the -W because I
> DON'T want the user to enter the ldap password)
hmm.. and you really think, you can bind to the ldap server as user
"user" _without_ specifying its password..? think again..
> When I issue
> ldappasswd -D 'cn=user, o=my organization, c=D' (either with our
> without the filter "uid=userid")
> I get an "insufficient access" message.
of course. you'll have to bind as a user with write access to the
userpassword attribute with username _and_ password. no way out. (except
allowing anonymous write, but you _don't_ want that..)