#StackBounty: #centos #openldap #passwd Let OpenLDAP users change password with passwd in CentOS, I broke it

Bounty: 50

Tried to do the above with this tutorial:

https://www.unixguide.net/content/openldap-allow-users-change-their-password-unix-passwd-command

So I created this ldif:

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: to attrs=userPassword by self write by anonymous auth by dn.base="cn=ldapadm,dc=bbb,dc=local" write by * none

add: olcAccess
olcAccess: to * by self write by dn.base="cn=ldapadm,dc=bbb,dc=local" write by * read

Ran the ldapmodify; now no user can log in to any client with their password, although they could before I ran the above modify.

Now, attempting to log in says permission denied after the correct password is entered. What did I break? (Totally new to OpenLDAP.)

And, as it might be relevant, this is how I got my clients connected to my OpenLDAP server:

yum install -y openldap-clients nss-pam-ldapd
authconfig --enableldap --enableldapauth --ldapserver=192.168.1.10 --ldapbasedn="dc=bbb,dc=local" --enablemkhomedir --update

