Hi,
I'm running my LDAP server (2.0.11) on Windows
NT and everything is running smoothly. Unfortunately, I'm experiencing
difficulties when I try to change the user password. I am able to change the
user password if I bind as the user itself but not if I bind as the admin user.
I'm assuming it is something to do with my ACL's but cannot, for the life of me,
see what I am doing wrong. I have even tried setting everyone to have write
access but to no avail.
Changing the password bound as the user I'm using
the following command:
ldappasswd -s garysecret -D
"uid=nolang,ou=NatHealthA,o=CServices" -w garysec2 -x -d -1 -Z
But what command do I need to change the password
as the admin user (preferably using simple authentication? I've tried the
following and get "Unknown error". Please can someone help ?
ldappasswd -A -S -D "cn=CAdmin,o=CServices" -w
adminsecret -X "uid=nolang,ou=NatHealthA,o=CServices" -d -1 -Z
Below is the relevant part of my slapd.conf
file:
database ldbm
suffix "o=CServices" suffix "dc=ldap,dc=CServices,dc=org" directory c:/OpenLDAP/openldap-2.0.11/databases/com rootdn "cn=CManager,o=CServices" rootpw secret index uid pres,eq index cn,sn pres,eq,sub index objectClass eq access to attr=userPassword by self write # by
anonymous auth (tried with anonymous bind
also)
by dn="cn=CAdmin,o=CServices" write by * none access to * by self write by dn="cn=CManager,o=CServices" write by * read My LDIF file is also below:
dn: dc=ldap,dc=CServices,dc=org
objectClass: top objectclass: dcObject objectclass: organization dc: CServices o: CServices dn: o=CServices
objectClass: top objectClass: organization o: CServices dn: cn=CManager,o=CServices
objectClass: organizationalRole cn: CManager description: LDAP Directory Manager (Root) dn: cn=CAdmin,o=CServices
objectClass: organization objectClass: organizationalRole cn: CAdmin o: CServices userPassword: adminsecret description: LDAP Directory Administrator dn: ou=NatHealthA,o=CServices
ou: NatHealthA objectClass: top objectClass: organizationalUnit description: Members of Group A dn: uid=nolang,ou=NatHealthA,o=CServices
cn: Gareth Nolan uid: nolang objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson givenname: Gary sn: Nolan ou: NatHealthA homePostalAddress: 15 Cherry Ln.$Plano TX 78888 postalAddress: 15 Fitzhugh Ave. l: Dallas st: TX postalcode: 76888 telephoneNumber: (800)555-1212 homePhone: 800-555-1313 facsimileTelephoneNumber: 800-555-1414 userPassword: garysecret Gareth Nolan,
England,
UK
|