Once I change the user's password I can successfully do an ldapwhoami, so I would assume that I am binding at that point. I guess I am looking at how to proceed with users that have not had their passwords changed as the manager. Is there a different way that I should have imported them?
Thanks
-----Original Message-----
From: Howard Chu [mailto:hyc@symas.com]
Sent: Monday, August 13, 2007 9:28 PM
To: Rick Tautin
Cc: Pierangelo Masarati; openldap-software@openldap.org
Subject: Re: Problem changing passwords after import

Rick Tautin wrote:
The directory is the only place that there is user information. I took all the entries out of the old password file and the only thing that is in there are the local accounts. So if it is not getting its credentials from the directory I don't know where it would be getting it from. Also when I stop the server I am unable to check mail or ftp to our servers.

You're missing the crucial point that Unix services can authenticate
users against an LDAP database without performing an LDAP Bind operation on
that user. I.e., with sufficient privileges nss_ldap can just retrieve a
user's userPassword attribute and authenticate against it when it is stored in crypt(3) format, even if slapd doesn't itself support crypt (or the same
version of crypt).
--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP     http://www.openldap.org/project/
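
Added example, not part of the original thread: a small audit of an LDIF export that reports which accounts carry crypt(3)-format userPassword values, the case described above where a client can check the hash itself while a slapd Bind depends on slapd's own crypt support. The sample entries are constructed, and the script assumes imported hashes are stored under the `{CRYPT}` scheme prefix and that the LDIF has no folded lines.

```python
import base64

# Constructed sample LDIF (not from the thread). bob's value is base64-encoded,
# as LDIF exports of userPassword often are ("userPassword::").
SAMPLE_LDIF = "\n".join([
    "dn: uid=alice,ou=People,dc=example,dc=com",
    "userPassword: {CRYPT}$1$abcdefgh$0123456789abcdefghijkl",
    "",
    "dn: uid=bob,ou=People,dc=example,dc=com",
    "userPassword:: " + base64.b64encode(b"{CRYPT}abJ2x/YLm3OpA").decode(),
    "",
    "dn: uid=carol,ou=People,dc=example,dc=com",
    "userPassword: {SSHA}Y29uc3RydWN0ZWRzYW1wbGV2YWx1ZQ==",
    "",
])

def crypt_variant(h):
    """Name the crypt(3) algorithm from the hash's prefix."""
    prefixes = {"$1$": "md5-crypt", "$5$": "sha256-crypt", "$6$": "sha512-crypt",
                "$2a$": "bcrypt", "$2b$": "bcrypt", "$2y$": "bcrypt"}
    for p, name in prefixes.items():
        if h.startswith(p):
            return name
    return "des-crypt" if len(h) == 13 else "unknown"

def audit(ldif):
    """Return {dn: (scheme, crypt variant or None)} for entries with userPassword."""
    report, dn = {}, None
    for line in ldif.splitlines():
        if line.startswith("dn: "):
            dn = line[4:]
        elif line.startswith("userPassword:") and dn:
            if line.startswith("userPassword:: "):      # base64-encoded value
                value = base64.b64decode(line[15:]).decode()
            else:
                value = line[len("userPassword: "):]
            if value.startswith("{") and "}" in value:  # "{SCHEME}hash"
                scheme, rest = value[1:].split("}", 1)
            else:                                       # no scheme prefix
                scheme, rest = "NONE", value
            scheme = scheme.upper()
            report[dn] = (scheme, crypt_variant(rest) if scheme == "CRYPT" else None)
    return report

if __name__ == "__main__":
    for dn, (scheme, variant) in audit(SAMPLE_LDIF).items():
        flag = f"crypt(3) {variant}: Bind depends on slapd's crypt" if variant else "ok"
        print(f"{dn}: {{{scheme}}} {flag}")
```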