[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: How To set things up to allow users to change their passwords

To: Chamith Kumarage <gnu.chami@gmx.net>
Subject: Re: How To set things up to allow users to change their passwords
From: Robert Heller <heller@deepsoft.com>
Date: Sat, 5 Dec 2009 08:39:49 -0500
Cc: Robert Heller <heller@deepsoft.com>, Openldap Technical <openldap-technical@openldap.org>
In-reply-to: <1259985196.23965.4.camel@chamith-laptop>
Organization: Deepwoods Software
References: <200912041655.nB4Gt5eD021822@sharky.deepsoft.com> <1259985196.23965.4.camel@chamith-laptop>

At Sat, 05 Dec 2009 09:23:16 +0530 Chamith Kumarage <gnu.chami@gmx.net> wrote:

> 
> On Fri, 2009-12-04 at 11:55 -0500, Robert Heller wrote:
> > I have Openldap set up on a CentOS 5 system (using the stock 2.3.43
> > RPMS) and I want to allow users to change their passwords, but I am
> > confused by the documentation (it has both too much and not enough
> > information -- there don't appear to be simple HowTos for common setups).
> > 
> > I am not sure what to put in /etc/openldap/slapd.conf (I think I need an
> > ACL).  I expect I need something in /etc/openldap/ldap.conf (or
> > prossibly /etc/ldap.conf) to allow the authorization.  This is on a LAN
> > with diskless clients, behind a firewall, so I *probably* don't need to
> > set up SSL and certs (but I am unsure of this as well).
> > 
> 
> Hi Robert,
> 
> I think the most secure (since you are not using SSL) and  preferred way
> is to use a small application for this. You can easily give the users a
> web interface (written using php-ldap) to change their passwords or
> whatever stuff.

This does not really help me much.  Having some random application (web
based or not) is not the issue, I need to know how to *configure* slapd
and ldap in general to allow the proper access levels. Oh I have no
problem with using SSL and if that is the way to I go that way. I also
don't want to run a web server just for one *small* web application.  I
am also not really much of a php programer either.

The admin documentation both has too much information and too little
:-(.  What I am looking for is a specialized how-to for this specific
sort of situation.  I understand that LDAP can do a lot of things,
everything from being a company-with phone book to handling DNS to
handling user authorization, so it makes sense for the admin manual to
cover a broad application range.  I'm just getting lost in it.

> 
> phpldapadamin would do as well. But it's nicer to have your own
> something :)
> 
> Thanks,
> ~Chamith
> 
> 
>                                               

-- 
Robert Heller             -- 978-544-6933
Deepwoods Software        -- Download the Model Railroad System
http://www.deepsoft.com/  -- Binaries for Linux and MS-Windows
heller@deepsoft.com       -- http://www.deepsoft.com/ModelRailroadSystem/

References:
- How To set things up to allow users to change their passwords
  - From: Robert Heller <heller@deepsoft.com>
- Re: How To set things up to allow users to change their passwords
  - From: Chamith Kumarage <gnu.chami@gmx.net>

Prev by Date: Re: listener question
Next by Date: Re: How To set things up to allow users to change their passwords
Index(es):
- Chronological
- Thread