[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: How to create encrypted password via command line

Anne Moore wrote:
<<Has slapd.conf been configured to allow users write permission to their

Hmmm, well good question! I checked through the file but could not determine
what should be enabled for that. Do you know what it would take to do enable
user to have write permission to their passwords?


The specifics are totally dependent on your slapd.conf ACLs. The order of the ACLs is highly significant and just inserting a new ACL can render later ACLs useless. Getting this one wrong can render your LDAP authentication scheme useless, or wide open for anyone to read your entire password database.

What you need is something *like* this, fairly high up in the ACL tree:

access to dn.subtree="dc=your root" attrs=userPassword
        by self write
        by dn="uid=<rootbinddn>,dc=your root" write
        by anonymous auth
        by * none

One way to test it is to try changing a users password using ldappasswd, binding as that user with their existing password. ldappasswd is part of the openldap-client package.

Nigel Wade, System Administrator, Space Plasma Physics Group,
            University of Leicester, Leicester, LE1 7RH, UK
E-mail :    nmw ion le ac uk
Phone :     +44 (0)116 2523548, Fax : +44 (0)116 2523555

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]