Setting User Passwords
To turn off user and subtree level password policy checks, set the nsslapd-pwpolicy-local attribute to off by modifying the cn=config entry. For example: [1]
ldapmodify -h myserver -p 389 -D "cn=directory manager" -w secretpwd
dn: cn=config
changetype: modify
replace: nsslapd-pwpolicy-local
nsslapd-pwpolicy-local: off
This attribute can also be disabled by modifying it directly in the configuration file (dse.ldif).
1. Stop the server.
service dirsrv stop instance
2. Open the dse.ldif file in a text editor.
3. Set the value of nsslapd-pwpolicy-local to off, and save.
nsslapd-pwpolicy-local: off
4. Start the server.
service dirsrv start instance
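A read-only check of the setting edited in the steps above, as an added example that is not part of the original guide: it parses the text of a dse.ldif, handling folded lines and base64 values, and reports the nsslapd-pwpolicy-local value found on the cn=config entry only. The sample LDIF and the function names are constructed for illustration.

```python
import base64

# Constructed sample, not a real dse.ldif: the attribute name is folded across
# two lines, and a second entry carries a decoy value that must be ignored.
SAMPLE = """\
dn: cn=config
objectClass: top
nsslapd-port: 389
nsslapd-pwpolicy-
 local: on

dn: cn=encryption,cn=config
nsslapd-pwpolicy-local: off
"""

def unfold(text):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def entries(text):
    """Yield each entry as a dict of lower-cased attribute name -> last value."""
    entry = {}
    for line in unfold(text) + [""]:      # trailing "" flushes the last entry
        if not line.strip():
            if entry:
                yield entry
            entry = {}
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            if value.startswith(":"):     # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry[attr.strip().lower()] = value.strip()

def pwpolicy_local(text):
    """Return the cn=config value of nsslapd-pwpolicy-local, or None if unset."""
    for entry in entries(text):
        if entry.get("dn", "").replace(" ", "").lower() == "cn=config":
            value = entry.get("nsslapd-pwpolicy-local")
            return value.lower() if value is not None else None
    return None

if __name__ == "__main__":
    print("nsslapd-pwpolicy-local:", pwpolicy_local(SAMPLE))
```

A result of None means the attribute is not present on cn=config in the file that was read.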
7.1.2. Setting User Passwords
An entry can be used to bind to the directory only if it has a userpassword attribute and if it has not been inactivated. Because user passwords are stored in the directory, the user passwords can be set or reset with any LDAP operation, like ldapmodify. [1]
For information on creating and modifying directory entries, see Chapter 2, Creating Directory Entries.
For information on inactivating user accounts, refer to Section 7.2, “Inactivating Users and Roles”.
Passwords can also be set and reset in the Users and Groups area of the Administration Server. For information on how to use the Users and Groups area, see the online help that is available in the Red Hat Administration Server.
7.1.3. Password Change Extended Operation
While most passwords can be changed through the Console and other Directory Server features or through the ldapmodify operation, there are some passwords that cannot be changed through regular LDAP operations. These passwords may be stored outside the Directory Server, such as passwords stored in a SASL application. These passwords can be modified through the password change extended operation.
Directory Server supports the password change extended operation as defined in RFC 3062, so users can change their passwords, using a suitable client, in a standards-compliant way. Directory
[1] The LDAP tools referenced in this guide are Mozilla LDAP, installed with Directory Server in the /usr/lib/mozldap directory on Red Hat Enterprise Linux 5 (32-bit); directories for other platforms are listed in Section 1.2, “LDAP Tool Locations”. However, Red Hat Enterprise Linux systems also include LDAP tools from OpenLDAP. It is possible to use the OpenLDAP commands as shown in the examples, but you must use the -x argument to disable SASL and allow simple authentication.