Hi,
I'm having a bit of trouble wrapping my brain around the steps
needed to make a pretty simple setup of OpenLDAP work for me. I was
able to use ldapadd to put a bunch of users into my database, then set
up nsswitch.conf to allow ldap to emulate NIS. I can't tell you how
happy I am to be rid of NIS; OpenLDAP has been awesome to me.
Right now though, I'm not able to change user passwords, and I
think it's because I haven't given users rights to do so, or at least
haven't given them rights to do so on the network. I think the relevant
part of my slapd.conf file is this:
access to dn.base="" by * read
access to dn.base="cn=Subschema" by * read
access to *
        by self write
        by users read
        by anonymous auth
That looks good, but I find messages like:
May 6 12:32:31 summoner passwd[15665]: pam_ldap: ldap_modify_s Insufficient access
May 6 12:33:06 summoner passwd[15668]: pam_ldap: ldap_modify_s Insufficient access
in /var/log/messages. So, I think that I need to do 2 things. First, I
need ldap to recognize users for who they are, not anonymous. Second, I'd
like to set myself up as the ldap admin, so that I can easily edit things
like users and passwords and phone numbers (instead of always having to
specify "cn=ldapadmin,dc=modsim,dc=lab"). Where do I start?
--
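
Added example, not part of the original post: a simplified Python model of how slapd evaluates the three access rules quoted above (first matching "access to" rule, then first matching "by" clause), showing which bind identity gets the write access a modify needs. The uid=alice and uid=bob DNs and the ou=People container are constructed for illustration; rootdn, which bypasses ACLs, is not modeled.

```python
# Added example: simplified model of slapd.conf ACL evaluation (not OpenLDAP code).
# Access levels in increasing order, as slapd defines them.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

# The three rules from the post: (target, [(who, level), ...])
ACL = [
    (("base", ""), [("*", "read")]),
    (("base", "cn=Subschema"), [("*", "read")]),
    (("*", None), [("self", "write"), ("users", "read"), ("anonymous", "auth")]),
]

def norm(dn):
    # Crude DN normalisation: case-insensitive, ignore spaces around commas.
    return ",".join(part.strip().lower() for part in dn.split(","))

def target_matches(target, entry_dn):
    kind, dn = target
    return kind == "*" or norm(dn) == norm(entry_dn)

def who_matches(who, bound_dn, entry_dn):
    if who == "*":
        return True
    if who == "anonymous":
        return bound_dn is None
    if who == "users":
        return bound_dn is not None
    if who == "self":
        return bound_dn is not None and norm(bound_dn) == norm(entry_dn)
    return False

def granted(bound_dn, entry_dn, acl=ACL):
    """Return the access level a bind identity gets on an entry."""
    for target, by_clauses in acl:
        if target_matches(target, entry_dn):
            for who, level in by_clauses:
                if who_matches(who, bound_dn, entry_dn):
                    return level
            return "none"  # implicit trailing "by * none"
    return "none"          # implicit trailing "access to * by * none"

def can(bound_dn, entry_dn, needed):
    return LEVELS.index(granted(bound_dn, entry_dn)) >= LEVELS.index(needed)

if __name__ == "__main__":
    alice = "uid=alice,ou=People,dc=modsim,dc=lab"  # constructed DNs
    bob = "uid=bob,ou=People,dc=modsim,dc=lab"
    for who in (None, alice, bob):
        print(who, "->", granted(who, alice), "| modify allowed:", can(who, alice, "write"))
```

Under these rules only a connection bound as the entry's own DN reaches write; an anonymous bind or a bind as any other user is refused a modify with "Insufficient access".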