[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: How To set things up to allow users to change their passwords

At Sat, 05 Dec 2009 09:12:46 +0100 "Dieter Kluenter" <dieter@dkluenter.de> wrote:

> Robert Heller <heller@deepsoft.com> writes:
> > I have Openldap set up on a CentOS 5 system (using the stock 2.3.43
> > RPMS) and I want to allow users to change their passwords, but I am
> > confused by the documentation (it has both too much and not enough
> > information -- there don't appear to be simple HowTos for common setups).
> http://www.openldap.org/doc/admin24/slapdconfig.html
>  see section 6.3

OK, I have set this up, and with some poking around I have gained a
better unterstanding of what is going on.  I have another question:

In the sample config it has an access control list that looks like:

access to attrs=userPassword
	by self write
	by anonymous auth
	by dn.base="cn=Admin,dc=example,dc=com" write
	by * none

Where does the password for "cn=Admin,dc=example,dc=com" exist?  Is this
something a add to slapd.config or insert into the database or ???

> > I am not sure what to put in /etc/openldap/slapd.conf (I think I need an
> > ACL).  I expect I need something in /etc/openldap/ldap.conf (or
> > prossibly /etc/ldap.conf) to allow the authorization.  This is on a LAN
> > with diskless clients, behind a firewall, so I *probably* don't need to
> > set up SSL and certs (but I am unsure of this as well).
> Get your system running first, than you may decide to install
> transport layer security.
> -Dieter

Robert Heller             -- 978-544-6933
Deepwoods Software        -- Download the Model Railroad System
http://www.deepsoft.com/  -- Binaries for Linux and MS-Windows
heller@deepsoft.com       -- http://www.deepsoft.com/ModelRailroadSystem/