[Date Prev][Date Next] [Chronological] [Thread] [Top]

setting up openldap for day-to-day admin

        I'm having a bit of trouble wrapping my brain around the steps
needed to make a pretty simple setup of OpenLDAP work for me.  I was
able to use ldapadd to put a bunch of users into my database, then set
up nsswitch.conf to allow ldap to emulate NIS.  I can't tell you how
happy I am to be rid of NIS, OpenLDAP has been awesome to me.
        Right now though, I'm not able to change user passwords, and I
think it's because I haven't given users rights to do so, or at least
haven't given them rights to do so on the network.  I think the relevant
part of my slapd.conf file is this:
 access to dn.base="" by * read  access to dn.base="cn=Subschema" by *
read  access to *         by self write
        by users read
        by anonymous auth
That looks good, but I find messages like:
May  6 12:32:31 summoner passwd[15665]: pam_ldap: ldap_modify_s
Insufficient access
May  6 12:33:06 summoner passwd[15668]: pam_ldap: ldap_modify_s
Insufficient access
in /var/log/messages.  So, I think that I need to do 2 things.  First, I
need ldap to recognize users for who they are, not anonymous.  Second
I'd like to set myself up as the ldap admin, so that I can easily edit
things like users and passwords and phone numbers (instead of always
having to specify "cn=ldapadmin,dc=modsim,dc=lab")  Where do I start?