
RE: configure OpenLDAP to allow directory users - change password



Perhaps. But of course, this could simply be a slapd issue (which others
think it is).

So, back to square one. Maybe slapd.conf is just not set up correctly....

Anyone have examples of a slapd.conf that allows directory users to change
their own password?

Thanks

Anne 

-----Original Message-----
From: Gavin Henry [mailto:ghenry@suretecsystems.com] 
Sent: Friday, September 14, 2007 9:52 AM
To: Anne Moore
Cc: 'Buchan Milne'; openldap-software@openldap.org
Subject: RE: configure OpenLDAP to allow directory users - change password

<quote who="Anne Moore">
> Hi Milne
>
> <<Or, if you've set pam up correctly, passwd.>>
>
> You're probably right on this. Any idea how to set it up to work with 
> OpenLdap correctly?

That's a different mailing list I'm afraid.

>
> Thanks
>
> Anne
>
> -----Original Message-----
> From: Buchan Milne [mailto:bgmilne@staff.telkomsa.net]
> Sent: Friday, September 14, 2007 2:58 AM
> To: openldap-software@openldap.org
> Cc: Gavin Henry; Anne Moore
> Subject: Re: configure OpenLDAP to allow directory users - change 
> password
>
> On Thursday 13 September 2007 22:54:45 Gavin Henry wrote:
>> <quote who="Anne Moore">
>>
>> > Hi Gavin
>> >
>> > The clients we use are Red Hat ES 4.0 systems (40 of them).
>> >
>> > Any ideas on how to allow my users to change their own passwords?
>>
>> ldappasswd?
>
> Or, if you've set pam up correctly, passwd.
>
>> > Thank you for the help!
>> >
>> > Anne
>> >
>> > Gavin Henry <ghenry@suretecsystems.com> wrote:
>> >> Hi All
>> >>
>> >> Does anyone know how to configure OpenLDAP to allow directory 
>> >> users to change their own passwords?
>> >
>> > You don't mention anything about the clients you are using or your 
>> > ACLs
>
> The default ACLs shipped in most default slapd.conf files usually have 
> something like this, which would be sufficient:
>
> access to attrs=userPassword
> 	by self write
> 	by * auth
>
>
>> >> I'm using Openldap-2.2.13-7.4E (on my RedHat server)
>> >
>> > See our recommendations on using Red Hat OpenLDAP software in 
>> > the archives.
>
> 2.2 is deprecated. 2.3 is current, and has some features (for example 
> password policy enforcement) that you may desire/require.
>
> Packages are available that install cleanly in parallel, such as mine:
>
> http://staff.telkomsa.net/packages/rhel4/openldap/
>
>
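
An added example, not part of the thread or of OpenLDAP: a small Python check of whether the "by self write" rule quoted above is actually reached, given that slapd applies the first access rule whose target matches. The function names and both sample configurations are constructed for illustration.

```python
import re

# Constructed sample: the ACL from the thread, placed before the catch-all rule.
GOOD = """\
access to attrs=userPassword
    by self write
    by * auth
access to *
    by * read
"""

# Constructed sample: the same ACL shadowed by an earlier catch-all rule.
SHADOWED = """\
access to *
    by * read
access to attrs=userPassword
    by self write
    by * auth
"""

def logical_lines(text):
    """Join slapd.conf continuation lines (leading whitespace), drop comments."""
    out = []
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t") and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return [l for l in out if l and not l.startswith("#")]

def self_password_access(text):
    """Access level a bound user gets on their own userPassword."""
    # Assumptions of this sketch: dn=/filter= selectors match every entry,
    # only the subjects self, users and * are considered, and the control
    # keywords stop/continue/break are ignored.
    rules = [l for l in logical_lines(text) if l.lower().startswith("access to ")]
    if not rules:
        return "read"           # slapd default when no access directives exist
    for rule in rules:          # first rule whose <what> matches is the one used
        what, *clauses = re.split(r"\s+by\s+", rule[len("access to "):])
        attrs = re.search(r"attrs?=(\S+)", what, re.I)
        if attrs and "userpassword" not in attrs.group(1).lower().split(","):
            continue
        for clause in clauses:  # first matching <who> wins inside the rule
            who, *rest = clause.split()
            if who.lower() in ("self", "users", "*"):
                return rest[0].lower() if rest else "none"
        return "none"           # implicit "by * none" ends every rule
    return "none"               # implicit final "access to * by * none"
```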