[Date Prev][Date Next]
Re: Changing lost passwords
For OpenLDAP, you can change directory user's password
using either ldappasswd(1) or ldapmodify(1).
However, it seems this is more of an nss/pam ldap issue
than an OpenLDAP issue. That is, it seems you are talking
about operating system account passwords. Please use either
email@example.com or firstname.lastname@example.org to discuss issues
with nss/ldap and pam/ldap, respectively.
At 02:43 AM 2/27/2004, Kief Morris wrote:
>So I've got openldap running (system details below), and user accounts
>authenticating against it, all quite nice. However, the one thing I haven't
>figured out is what I need to set up, and how to set it up, so that I can
>change a user's password without knowing their old password, i.e. the
>forgotten password use case.
>I've searched and sifted through lots of documentation, but can't quite
>find something that nails it. I'm sure it must be in the archive for this
>list, but I'm clearly not using the right search terms.
>Two key requirements are:
>* I do not want to store the ldap admin password in clear text on a
> filesystem, even if it's in a root-readable-only file. I believe rootbinddn
> could be used if I didn't mind this.
>* It shouldn't be overly awkward. Using the passwd command or
> something similar that works like a traditional Unix system is
> what I have in mind. At the moment the best I can do is manually
> poke a hashed string into the appropriate ldap record, which is
>Surely I'm not the only one who isn't comfortable putting the unhashed
>admin password in a cleartext file, so there must be a solution out
>Otherwise, perhaps I will have to write a script that prompts for the
>admin password, and then hashes the new user password and uses
>ldapmodify to poke it into the ldap record.
>My system details are:
>Debian Linux with the following packages:
> ldap-utils/testing uptodate 2.1.23-1
> libldap2-dev/testing uptodate 2.1.23-1
> libldap2/testing uptodate 2.1.23-1
> libnss-ldap/testing uptodate 211-4
> libpam-ldap/testing uptodate 164-2
>Configuration files are attached.
>Thanks for any help, pointers to FAQ items, online howtos, or other specific
>RTFM pointers are more than welcome.