Re: How To set things up to allow users to change their passwords

[Howard Chu <hyc@symas.com>]

Robert Heller wrote:
> At Sat, 05 Dec 2009 21:12:14 +0100 Zdenek Styblik<stybla@turnovfree.net>  wrote:
>
> > Robert Heller wrote:
> > > At Sat, 05 Dec 2009 19:41:26 +0100 Zdenek Styblik<stybla@turnovfree.net>  wrote:
> > >
> > > > Robert Heller wrote:
> > > > > At Sat, 05 Dec 2009 18:29:55 +0100 Zdenek Styblik<stybla@turnovfree.net>  wrote:
> > > > >
> > > > > > Robert Heller wrote:
> > > > > > > At Sat, 05 Dec 2009 09:12:46 +0100 "Dieter Kluenter"<dieter@dkluenter.de>  wrote:
> > > > > > >
> > > > > > > > Robert Heller<heller@deepsoft.com>  writes:
> > > > > > > >
> > > > > > > > > I have Openldap set up on a CentOS 5 system (using the stock 2.3.43
> > > > > > > > > RPMS) and I want to allow users to change their passwords, but I am
> > > > > > > > > confused by the documentation (it has both too much and not enough
> > > > > > > > > information -- there don't appear to be simple HowTos for common setups).
> > > > > > > > http://www.openldap.org/doc/admin24/slapdconfig.html
> > > > > > > >   see section 6.3
> > > > > > > OK, I have set this up, and with some poking around I have gained a
> > > > > > > better unterstanding of what is going on.  I have another question:
> > > > > > >
> > > > > > > In the sample config it has an access control list that looks like:
> > > > > > >
> > > > > > > access to attrs=userPassword
> > > > > > > 	by self write
> > > > > > > 	by anonymous auth
> > > > > > > 	by dn.base="cn=Admin,dc=example,dc=com" write
> > > > > > > 	by * none
> > > > > > >
> > > > > > > Where does the password for "cn=Admin,dc=example,dc=com" exist?  Is this
> > > > > > > something a add to slapd.config or insert into the database or ???

The text of the example refers to the "admin" entry. Obviously an "entry" 
refers to an entry in the database.

> > Well, ok then. Btw you're reading guide for 2.4.x (and you have 2.3.x).
>
> Yes, I know.

We've stated time and time again, use the docs that came with the version of 
the software you're running. You're being deliberately obtuse here.

> > > I'm using CentOS (RHEL).

> I don't need a heavyweight application and I would prefer something that
> is installed from a CentOS/RHEL repository, rather than installed from
> source -- that is something under the O/S's package management system.

Then go waste RedHat's time, not ours. 2.3 has been phased out. 2.4 has been 
available since 2007. If you want to use the outdated stuff your vendor 
provides, then you should be getting support from your vendor as well.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/