
Re: ldap passwd change problem




Hi Jawed

> you know I always have been worried about this, to add new user and
> modify user info it seems too much work to me.

I'm a newbie, but I think the same. :-)

> how you decide on which uid is free in ldap or keep track of uid and gid,
> because ldap is simply
> dumb to me, you need to tell what it is going to and where.

Well, I think it's one advantage. I'm creating shell scripts to implement
the user maintenance. Then, I can assign ranges of UIDs and GIDs to
user categories (500-1500 for employees, 1501-3000 for teachers, 3001-30000
for students, etc), organizing my Unix base much better. To do that, I'm
creating one base file, which stores the last UID and GID used for each
category. The script adds one (I use the command "expr" for that) to the
stored value and creates the new UID. After that, it updates the value in
the base file.

> So do you know of easy way to add users or modify their passwd .

I think that there are graphical and web tools to do it. I prefer to know
and control the system better, so I'm creating my own scripts. But you can
try looking at QTLDAP ( http://heim.ifi.uio.no/~espenmy/download/ ), for
example. Does anyone know of any other tool?

> but look at this scenario that how often users forget their passwords, in
> my office very often,

Yes, I have the same problem here. But I intend to write a script to
automate the procedures that I described to you. Or find a tool
to do it (I think it's impossible that anyone has made anything to
implement this banal feature).

> I see them banging desk because they can't login,as they don't know what
> the password is,
> so if i have to change ldap password for 5 user at a time I to create
> ldif file
> hash their passwords, put them in that ldif, then hashing is also so
> confusing CRYPT works MD5 doesn't ,

Well, if you configure your clients with the option "pam_password exop" in
"/etc/ldap.conf" (tip from Andreas), there is no need to worry about the
hash. I'm using {MD5} now. And you can create a hashed default password for
these cases (for example: "changeYourPassword"). Then, when anyone forgets
his password, you can replace the password field of the user entry with
this pre-hashed password. And the user will be "motivated" to change the
password immediately... :-) So, the problem is only to create one ldif
file. With shell scripts, it's a simple task. But, I repeat, I think that
there are existing applications to do it. Does anyone on the list know
anything about this?

> I am just trying let my frustration go, and trying to see how you manage
> this stuff.

At the moment, I'm still using NIS. But when my scripts are ready, I'll
migrate the users.

Best regards
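
An added example, not part of the original message or the poster's own scripts: one way to implement the per-category UID counter described above, so that two concurrent runs cannot hand out the same UID and a counter can never leave its category's range. The base-file layout ("category last_uid" per line), the function names and the lock directory are assumptions; the ranges are the ones given in the message.

```sh
#!/bin/sh
# Added example: per-category UID counter with range checks and a lock.
# BASE_FILE layout is an assumption: one "category last_uid" pair per line.
BASE_FILE="${BASE_FILE:-./uid.base}"

# UID ranges from the post, printed as "min max".
uid_range() {
    case "$1" in
        employees) echo "500 1500" ;;
        teachers)  echo "1501 3000" ;;
        students)  echo "3001 30000" ;;
        *) return 1 ;;
    esac
}

# Print the next UID for category $1 and store it in BASE_FILE.
# Exit codes: 1 unknown category, 2 range exhausted or counter out of
# range, 3 lock busy, 4 corrupt counter, 5 write failed.
next_uid() {
    category="$1"
    range=$(uid_range "$category") || return 1
    min=${range% *}
    max=${range#* }
    lock="$BASE_FILE.lock"
    tries=0
    # mkdir is atomic, so two concurrent runs cannot both get the lock.
    until mkdir "$lock" 2>/dev/null; do
        tries=$((tries + 1))
        if [ "$tries" -ge 10 ]; then return 3; fi
        sleep 1
    done
    [ -f "$BASE_FILE" ] || : > "$BASE_FILE"
    last=$(awk -v c="$category" '$1 == c { print $2 }' "$BASE_FILE")
    case "$last" in
        '')       new=$min ;;
        *[!0-9]*) rmdir "$lock"; return 4 ;;
        *)        new=$((last + 1)) ;;
    esac
    # Never hand out a UID that belongs to another category's range.
    if [ "$new" -lt "$min" ] || [ "$new" -gt "$max" ]; then
        rmdir "$lock"; return 2
    fi
    tmp="$BASE_FILE.tmp.$$"
    if { awk -v c="$category" '$1 != c' "$BASE_FILE"
         echo "$category $new"; } > "$tmp" && mv "$tmp" "$BASE_FILE"; then
        rmdir "$lock"; echo "$new"
    else
        rmdir "$lock"; return 5
    fi
}
```

The counter only knows about UIDs it issued itself, so entries created by other means still need a check against the directory before the new uidNumber is written.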