[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
ACL Stuff and changing passwords
I have a few questions:
1) This question is for Kurt - I went to freshmeat looking for an LDAP client
and found one and it had something to do with Pendium (or something like
that). Do you know what this Pendium thing was called. It had something to
do with postfix and I'm interested in replacing our Sendmail server with
Postfix and integrating LDAP and virtual domains and stuff. If you happen to
know what I'm talking about would you please respond? Thanks.
2) What is the best way to change a users password? ldappasswd or ldapmodify?
3) If I try to use ldappasswd with user "jhoot" , for example, the ldap server
denies this user from changing his password. The command I used is the
following:
[jhoot@elmer jhoot]$ ldappasswd -t uid=jhoot,ou=people,dc=nowcom,dc=com -H md5
New password:
Re-enter new password:
ldap_modify: Insufficient access
If I use ldappasswd in the same manner and add "-D cn=manager,dc=nowcom,dc=com
-W" then I can enter the rootdn password and it works.
Here is my ACL information from slapd.conf:
# Define global ACLs to disable default read access.
# Deny all unless specifically allowed
defaultaccess none
# Allow the manager and user to change the user's password
access to attrs=userpassword
by self write
by dn="cn=Manager,dc=nowcom,dc=com" write
by * search
# Allow the following fields to be seen by the world
access to attrs=mail,cn,sn,givenname,o,ou,title,uid,telephoneNumber
by * read
# Allow clients to authenticate
access to
attrs=objectclass,uid,host,uidnumber,gidnumber,homedirectory,loginshell,gecos,description
by dn="cn=Manager,dc=nowcom,dc=com" write
by * read
# Allow log information for slapd to use for internal use (This must be in
here to authenticate)
access to attrs=entry
by * read
4) Is anyone using PHP's ldap_modify() to change passwords? If so, would you
mind posting an example?
--
Joseph Hoot
System Administrator
http://www.networkpenguin.com
joe@networkpenguin.com