OpenLDAP
Craig White
craigwhite at azapple.com
Tue May 16 09:57:23 MST 2006
Copy of email I sent to Nathan (his email reached me first).
If you bind as "cn=root,dc=tontoapache,dc=com", you shouldn't have any
problems changing things.
ldapmodify -x -h localhost \
-D "cn=root,dc=tontoapache,dc=com" \
-W -f /tmp/changes.ldif
thus the changes in /tmp/changes.ldif should work.
It really helps clarify things when you learn to use the command line
client tools first (ldapadd/ldapmodify/ldapsearch) before you go jumping
into gui tools.
Anyway, you have no ACLs at all, so the only one who is allowed access
is going to be the rootdn.
If you add (see below for location)... (note that the ACL I included is
just 1 of many).
Craig
On Tue, 2006-05-16 at 09:25 -0700, Nathan England wrote:
> This is my entire slapd.conf file, I found one of the articles from LJ and
> I'm going to make some changes to it following their example.
>
> nathan
>
>
> include /etc/openldap/schema/core.schema
> include /etc/openldap/schema/cosine.schema
> include /etc/openldap/schema/inetorgperson.schema
> include /etc/openldap/schema/nis.schema
> include /etc/openldap/schema/samba.schema
> # Define global ACLs to disable default read access.
----
# the following allows version 2 binds (some clients
# like mail clients still use v2 binds) and the second
# argument allows anonymous binds
#
allow bind_v2 bind_anon_dn
----
>
----
# very helpful for logging
#
loglevel 256
#
#
# if you add something like this to your syslog.conf
#
# local4.* /var/log/slapd.log
#
----
> # Do not enable referrals until AFTER you have a working directory
> # service AND an understanding of referrals.
> #referral ldap://root.openldap.org
>
> pidfile /var/run/slapd.pid
> argsfile /var/run/slapd.args
>
> # Load dynamic backend modules:
> modulepath /usr/sbin/openldap
> moduleload back_bdb.la
> moduleload back_ldap.la
> moduleload back_ldbm.la
> moduleload back_passwd.la
> moduleload back_shell.la
----
# ACLs
#
# the following allows all to read and write (probably bad)
#
# access to * by * write
#
# allow everybody to try to bind
access to attrs=userPassword,sambaNTPassword,sambaLMPassword
        by dn.exact="uid=Administrator,ou=People,dc=azapple,dc=com" write
        by self write
        by anonymous auth
        by * none
#
----
>
> #security ssf=1 update_ssf=112 simple_bind=64
>
>
> #######################################################################
> # BDB database definitions
> #######################################################################
>
>
> database bdb
> suffix "dc=tontoapache,dc=com"
> rootdn "cn=root,dc=tontoapache,dc=com"
> rootpw {SSHA}g3hhl8wBhHKNd6TylI2F6ZLfuAaJrXem
> directory /var/lib/openldap/openldap-data
>
> # Indices to maintain
> index objectClass eq
> index cn pres,sub,eq
> index sn pres,sub,eq
> index uid pres,sub,eq
> index displayName pres,sub,eq
> index sambaSID eq
> index sambaPrimaryGroupSID eq
> index sambaDomainName eq
> index default sub
>
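Added example, not from the thread: a small Python model of how slapd walks the password ACL Craig pasted, implementing only the <who> forms it uses (dn.exact, self, anonymous, *), the first-matching-"by"-clause rule and the rootdn bypass. The DNs are the ones on the page; note that Craig's ACL names his own suffix (dc=azapple) while Nathan's directory is dc=tontoapache, so the dn.exact value would need to change before it is pasted into Nathan's slapd.conf.

```python
# Access levels in slapd's order; granting a level implies every lower one.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

# One 'access to' directive: (attrs it covers, or None for all) plus its
# 'by' clauses in file order as (who, level) pairs.  Copied from Craig's ACL.
PASSWORD_ACL = (
    {"userPassword", "sambaNTPassword", "sambaLMPassword"},
    [
        ("dn.exact=uid=Administrator,ou=People,dc=azapple,dc=com", "write"),
        ("self", "write"),
        ("anonymous", "auth"),
        ("*", "none"),
    ],
)

ROOTDN = "cn=root,dc=tontoapache,dc=com"  # rootdn from Nathan's slapd.conf


def norm(dn):
    # Crude DN normalisation: DNs compare case-insensitively in LDAP.
    return None if dn is None else dn.replace(" ", "").lower()


def who_matches(who, bind_dn, target_dn):
    """Does a <who> selector match this requester for this target entry?"""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if who == "self":
        return bind_dn is not None and norm(bind_dn) == norm(target_dn)
    if who.startswith("dn.exact="):
        return norm(bind_dn) == norm(who[len("dn.exact="):])
    raise ValueError("unsupported <who> form in this model: " + who)


def evaluate(bind_dn, target_dn, attr, acls=(PASSWORD_ACL,), rootdn=ROOTDN):
    """Level slapd would grant, or None if no directive covers the attribute
    (slapd's global default then applies; not modelled here)."""
    if norm(bind_dn) == norm(rootdn):
        return "write"  # the rootdn is never subject to access controls
    for attrs, clauses in acls:
        if attrs is not None and attr not in attrs:
            continue  # this directive does not cover the attribute
        for who, level in clauses:
            if who_matches(who, bind_dn, target_dn):
                return level  # first matching 'by' clause wins
        return "none"  # directive matched but no 'by' clause did
    return None


def allows(granted, needed):
    """True if the granted level is enough for an operation needing 'needed'."""
    return LEVELS.index(granted) >= LEVELS.index(needed)
```

With this ACL an anonymous client can only bind against userPassword (auth), a user can change their own password, the Administrator can change anyone's, and everyone else gets nothing; attributes outside the attrs list are not covered by this directive at all.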