Re: setting up openldap for day-to-day admin
--On Thursday, May 06, 2004 9:39 PM -0400 Maxwell Bottiger
I'm having a bit of trouble wrapping my brain around the steps
needed to make a pretty simple setup of OpenLDAP work for me. I was
able to use ldapadd to put a bunch of users into my database, then set
up nsswitch.conf to allow ldap to emulate NIS. I can't tell you how
happy I am to be rid of NIS; OpenLDAP has been awesome to me.
Right now though, I'm not able to change user passwords, and I
think it's because I haven't given users rights to do so, or at least
haven't given them rights to do so on the network. I think the relevant
part of my slapd.conf file is this:
access to dn.base="" by * read
access to dn.base="cn=Subschema" by * read
access to *
        by self write
        by users read
        by anonymous auth
That looks good, but I find messages like:
May 6 12:32:31 summoner passwd: pam_ldap: ldap_modify_s
May 6 12:33:06 summoner passwd: pam_ldap: ldap_modify_s
in /var/log/messages. So, I think that I need to do 2 things. First, I
need ldap to recognize users for who they are, not anonymous. Second, I'd
like to set myself up as the ldap admin, so that I can easily edit things
like users and passwords and phone numbers (instead of always having to
specify "cn=ldapadmin,dc=modsim,dc=lab"). Where do I start?
This is best addressed by the PAM/NSS LDAP lists. You can find their
PADL provide three mailing lists which users of our open source software
can use to support each other. Users can subscribe to these mailing lists
by sending a mail to firstname.lastname@example.org with "subscribe listname" in the
body. The addresses below are for posting to the mailing lists; do not send
subscription requests to these addresses. Posting is limited to subscribers.
email@example.com - general discussion about software which supports RFC
firstname.lastname@example.org - discussion amongst users of nss_ldap. An archive is
available at http://www.netsys.com/nssldap/.
email@example.com - discussion amongst users of pam_ldap. An archive is
available at http://www.netsys.com/pamldap/.
Principal Software Developer
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html