Re: Changing rootdn password while it's in the db (not in slapd.conf)?
I'll answer my own question!
On 2/8/07, m h <sesquile@gmail.com> wrote:
So, now back to my original issue. Updating the rootdn password.
When I try the following it fails::

    ldappasswd -x -v -S -w secret -D cn=Manager,dc=example,dc=com cn=Manager,dc=example,dc=com
    New password:
    Re-enter new password:
    ldap_initialize( <DEFAULT> )
    Result: Insufficient access (50)

You silly person! You haven't set any ACLs! If you had read here [1],
you would see how to create a group and set ACLs in the slapd.conf file.
Here, I'll give you an example. Add the following to your LDIF::

    # add groups for acl
    # create FIRST Level groups branch
    dn: ou=groups,dc=example,dc=com
    objectclass: organizationalunit
    ou: groups
    description: generic groups branch

    # create the admin entry under groups
    dn: cn=admin,ou=groups,dc=example,dc=com
    objectclass: groupofnames
    cn: admin
    description: Admin group
    member: cn=Manager,dc=example,dc=com

Notice how we made our rootdn user (cn=Manager,dc=example,dc=com) a member
of the admin group.
Now in slapd.conf add the following::

    ## let admin user change everything
    # ACL1 see http://www.zytrax.com/books/ldap/ch5/step2.html
    access to attr=userpassword
        by self write
        by anonymous auth
        by group.exact="cn=admin,ou=groups,dc=example,dc=com" write
        by * none

good luck!
-matt
1 - http://www.zytrax.com/books/ldap/ch5/step2.html
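
Added example (not part of the original post, and not OpenLDAP code): a simplified Python model of how slapd walks the "by" clauses of the ACL above in order and stops at the first match, resolving group.exact against the admin group entry from the LDIF. The function names are hypothetical, and DN matching is reduced to a lowercase comparison that assumes no escaped commas.

```python
# Added example: simplified model of slapd's first-match "by" clause evaluation.
# LDIF and ACL text come from the post; function names are hypothetical.
LDIF = """\
dn: cn=admin,ou=groups,dc=example,dc=com
objectclass: groupofnames
cn: admin
member: cn=Manager,dc=example,dc=com
"""
ACL = """\
access to attr=userpassword
    by self write
    by anonymous auth
    by group.exact="cn=admin,ou=groups,dc=example,dc=com" write
    by * none
"""

def norm(dn):
    # Simplified DN normalization (assumption: no escaped commas).
    return ",".join(p.strip().lower() for p in dn.split(","))

def group_members(ldif):
    """Map each entry DN to the set of its member values."""
    groups = {}
    for block in ldif.strip().split("\n\n"):
        attrs = [l.split(":", 1) for l in block.splitlines() if ":" in l]
        dn = next(v for k, v in attrs if k.lower() == "dn")
        groups[norm(dn)] = {norm(v) for k, v in attrs if k.lower() == "member"}
    return groups

def access(bind_dn, target_dn):
    """Level granted on target_dn's userPassword; bind_dn=None is anonymous."""
    groups = group_members(LDIF)
    for line in ACL.splitlines():
        tok = line.split()
        if len(tok) < 3 or tok[0] != "by":
            continue
        who, level = tok[1], tok[2]
        if who == "self":
            hit = bind_dn is not None and norm(bind_dn) == norm(target_dn)
        elif who == "anonymous":
            hit = bind_dn is None
        elif who.startswith("group.exact="):
            gdn = norm(who.split("=", 1)[1].strip('"'))
            hit = bind_dn is not None and norm(bind_dn) in groups.get(gdn, set())
        else:
            hit = who == "*"
        if hit:
            return level  # first matching clause wins
    return "none"  # no clause matched
```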