[Date Prev][Date Next]
Re: How To set things up to allow users to change their passwords
Robert Heller wrote:
> At Sat, 05 Dec 2009 09:12:46 +0100 "Dieter Kluenter" <firstname.lastname@example.org> wrote:
>> Robert Heller <email@example.com> writes:
>>> I have Openldap set up on a CentOS 5 system (using the stock 2.3.43
>>> RPMS) and I want to allow users to change their passwords, but I am
>>> confused by the documentation (it has both too much and not enough
>>> information -- there don't appear to be simple HowTos for common setups).
>> see section 6.3
> OK, I have set this up, and with some poking around I have gained a
> better unterstanding of what is going on. I have another question:
> In the sample config it has an access control list that looks like:
> access to attrs=userPassword
> by self write
> by anonymous auth
> by dn.base="cn=Admin,dc=example,dc=com" write
> by * none
> Where does the password for "cn=Admin,dc=example,dc=com" exist? Is this
> something a add to slapd.config or insert into the database or ???
-- SNIP ---
# cat /etc/openldap/slapd.conf
>>> I am not sure what to put in /etc/openldap/slapd.conf (I think I need an
>>> ACL). I expect I need something in /etc/openldap/ldap.conf (or
>>> prossibly /etc/ldap.conf) to allow the authorization. This is on a LAN
>>> with diskless clients, behind a firewall, so I *probably* don't need to
>>> set up SSL and certs (but I am unsure of this as well).
>> Get your system running first, than you may decide to install
>> transport layer security.