Re: using -W/-w <binddnpasswd>
- To: nazard@dragoninc.on.ca
- Subject: Re: using -W/-w <binddnpasswd>
- From: Cibu C Johny <Cibu_Johny@mw.3com.com>
- Date: Mon, 8 May 2000 19:05:06 -0500
- Cc: openldap-software@OpenLDAP.org
- In-reply-to: <03227E77B3D034B8862568D6005FCA80.006031F4862568D6@mw.3com.com>; from "nazard@dragoninc.on.ca" on Friday, 05 May 2000, at 12:30:42 (-0500)
- References: <03227E77B3D034B8862568D6005FCA80.006031F4862568D6@mw.3com.com>
- User-agent: Mutt/0.96.1i
Thanks a lot for the detailed description.
Still I haven't got it working. Following is my slapd.conf:
-------------------------------------------------------
include /usr/local/etc/openldap/slapd.at.conf
include /usr/local/etc/openldap/slapd.oc.conf
schemacheck on
database ldbm
suffix "o=3com, c=us"
rootdn "o=3com, c=us"
rootpw password
access to *
        by self write
        by * none
--------------------------------------------------------
THE COMMAND I TRIED WAS:
ldappasswd -v -w a -b "cn=Cibu Johny, o=3com, c=us" -h <ip addr of slapd server> "cn=*"
IT GAVE THE FOLLOWING ERROR MESSAGE: ('a' was the password set)
New password:
Re-enter new password:
cn=Cibu Johny, o=3com, c=us
ldap_modify: Insufficient access
--------------------------------------------------------
BUT WITH THE FOLLOWING ACL CHANGE, ldappasswd CHANGES THE PASSWORD:
--------------------------------------------------------
access to *
        by self write
        by * write
--------------------------------------------------------
But it does not require the -w flag. So what I don't understand is how slapd
recognizes the 'self'.
Thanks,
Cibu
nazard@dragoninc.on.ca <nazard@dragoninc.on.ca> wrote --
> Those two options are used to specify the credentials passed to the
> ldap server. -W prompts you for the password and -w specifies one on
> the command line.
>
> Now, to authenticate users you need to add a few access options to your
> slapd.conf file. For example, to allow access to certain attributes by
> certain people only, use something like this
>
> access to dn=".*,ou=People,dc=dragoninc,dc=on,dc=ca"
>         attr=userpassword,ntpassword,lmpassword
>         by dn="uid=root,ou=People,dc=dragoninc,dc=on,dc=ca" write
>         by * none
>
> to change the default permission to disallow everyone, use
>
> defaultaccess none
>
>
> ACLs are checked top to bottom, so be careful of the order.
>
>
> Now to configure an entry to have a password, you need to create a
> userpassword attribute. The format is
>
> {crypt}standard unix encrypted password
> and/or
> {md5}md5 hash of the password
> and/or
> {sha1}sha1 hash of the password
>
> note that the {} portion is actual text and required. So the password
> "password" would be something like
>
> {crypt}MRZzirkQbIFEk
> or
> {md5}5f4dcc3b5aa765d61d8327deb882cf99
--
-------------------------------------------------------
3com Corp. Off: 847-797-2954 [USA]
Cibu_Johny@mw.3com.com Res: 847-357-1041 [USA]
http://CibuCJ.tripod.com Mob: 847-287-9604 [USA]
-------------------------------------------------------
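The question in this thread is how slapd decides that a requester is "self". The following is an added illustration, not code from the thread or from OpenLDAP: a simplified Python model of slapd's top-to-bottom ACL evaluation for the clause forms used above ("to *", "to dn=<regex>", "by self", "by dn=<regex>", "by *"). It assumes that "self" means the bind DN equals the entry DN after normalization (so an anonymous bind, as when no -D binddn is given, is never self), that attr= selectors can be ignored, and that a clause matching the entry with no matching "by" line denies access.

```python
import re

# Simplified model of slapd ACL evaluation, written for this thread. Handles
# "to *", "to dn=<regex>", "by self", "by dn=<regex>", "by *"; ignores attr=.
# Assumption: a clause matching the entry with no matching "by" line denies.
LEVELS = ["none", "compare", "search", "read", "write"]

def normalize_dn(dn):
    # "cn=Cibu Johny, o=3com, c=us" and "cn=cibu johny,o=3com,c=us" are one DN
    return ",".join(p.strip() for p in dn.split(",")).lower()

def parse_acl(text):
    """Return [(target_regex_or_None, [(who, level), ...]), ...] in file order."""
    rules = []
    for clause in re.split(r"^\s*access\s+to\s+", text, flags=re.M)[1:]:
        head, *by_lines = re.split(r"^\s*by\s+", clause.strip(), flags=re.M)
        m = re.match(r'dn="([^"]*)"', head.strip())
        target = re.compile(m.group(1), re.I) if m else None   # None means "*"
        subjects = [tuple(line.strip().rsplit(None, 1)) for line in by_lines]
        rules.append((target, subjects))
    return rules

def access_level(rules, bind_dn, entry_dn, default="read"):
    """First clause whose target matches the entry wins; inside it, the first
    "by" line matching the requester decides. bind_dn=None is an anonymous
    bind, which can never be "self": self means bind DN == entry DN."""
    entry = normalize_dn(entry_dn)
    binder = normalize_dn(bind_dn) if bind_dn else None
    for target, subjects in rules:
        if target is not None and not target.search(entry):
            continue
        for who, level in subjects:
            if who == "*":
                return level
            if who == "self" and binder == entry:
                return level
            m = re.match(r'dn="([^"]*)"', who)
            if m and binder is not None and re.search(m.group(1), binder, re.I):
                return level
        return "none"           # entry matched, but nobody matched the requester
    return default              # no clause applies: slapd's defaultaccess

def may_write(rules, bind_dn, entry_dn):
    return LEVELS.index(access_level(rules, bind_dn, entry_dn)) >= LEVELS.index("write")

# The two ACLs from the thread and the entry being modified (constructed input)
STRICT = parse_acl("access to *\n  by self write\n  by * none")
OPEN = parse_acl("access to *\n  by self write\n  by * write")
ME = "cn=Cibu Johny, o=3com, c=us"
```

Under STRICT an anonymous bind gets "none" on the entry (the "Insufficient access" seen above) while a bind as the entry's own DN gets "write"; under OPEN everyone gets "write", which is why no -w was needed.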