
Re: Changing rootdn password while it's in the db (not in slapd.conf)?



I'll answer my own question!

On 2/8/07, m h <sesquile@gmail.com> wrote:

So, now back to my original issue. Updating the rootdn password. When I try the following it fails::

  ldappasswd -x -v -S -w secret -D cn=Manager,dc=example,dc=com cn=Manager,dc=example,dc=com
  New password:
  Re-enter new password:
  ldap_initialize( <DEFAULT> )
  Result: Insufficient access (50)


You silly person! You haven't set any ACLs! If you had read here [1] you would have seen how to create a group and set ACLs in the slapd.conf file.

Here, I'll give you an example. Add the following to your LDIF::

# add groups for acl
# create FIRST Level groups branch
dn: ou=groups,dc=example,dc=com
objectclass: organizationalunit
ou: groups
description: generic groups branch

# create the admin entry under groups
dn: cn=admin,ou=groups,dc=example,dc=com
objectclass: groupofnames
cn: admin
description: Admin group
member: cn=Manager,dc=example,dc=com


Notice how we made our rootdn user (cn=Manager,dc=example,dc=com) a member of the admin group.

Now in slapd.conf add the following::

## let admin user change everything
# ACL1 see http://www.zytrax.com/books/ldap/ch5/step2.html
# "attrs=" is the keyword documented in slapd.access(5)
access to attrs=userpassword
      by self       write
      by anonymous  auth
      by group.exact="cn=admin,ou=groups,dc=example,dc=com"
                    write
      by *          none

Good luck!

-matt

1 - http://www.zytrax.com/books/ldap/ch5/step2.html
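
Added example (not part of the original message, and not OpenLDAP code): a small Python model of how slapd walks the "by" clauses of the ACL above, stopping at the first clause that matches the requester. The group table, the uid=alice and uid=bob entries, and the lowercase DN comparison are assumptions made for illustration.

```python
import re

# Privilege levels in increasing order, as listed in slapd.access(5).
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

# The access directive from the message, with the group clause on one line.
ACL = '''
access to attrs=userpassword
      by self       write
      by anonymous  auth
      by group.exact="cn=admin,ou=groups,dc=example,dc=com" write
      by *          none
'''

# Constructed membership table mirroring the groupOfNames entry in the LDIF.
GROUPS = {"cn=admin,ou=groups,dc=example,dc=com": {"cn=manager,dc=example,dc=com"}}

def parse_by_clauses(acl_text):
    """Return the ordered (who, level) pairs of one access directive."""
    return re.findall(r'\bby\s+(\S+)\s+(\w+)', acl_text)

def who_matches(who, bound_dn, target_dn):
    """Decide whether one <who> field applies; bound_dn=None means anonymous."""
    if who == "*":
        return True
    if who == "anonymous":
        return bound_dn is None
    if bound_dn is None:
        return False
    if who == "self":
        return bound_dn.lower() == target_dn.lower()
    m = re.fullmatch(r'group\.exact="(.+)"', who)
    if m:
        return bound_dn.lower() in GROUPS.get(m.group(1).lower(), set())
    raise ValueError(f"unsupported who clause: {who}")

def granted_level(bound_dn, target_dn, acl_text=ACL):
    """First matching 'by' clause wins (slapd's default 'stop' control)."""
    for who, level in parse_by_clauses(acl_text):
        if who_matches(who, bound_dn, target_dn):
            return level
    return "none"  # slapd ends every clause list with an implicit "by * none"

def can(bound_dn, target_dn, wanted):
    """True if the granted level is at least the wanted level."""
    return LEVELS.index(granted_level(bound_dn, target_dn)) >= LEVELS.index(wanted)
```

Against a running server, slapacl(8) evaluates the configured ACLs for a given bind DN and entry.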