Giving Permission to change password for the authenticated current user
With this configuration, only the currently authenticated user can change their own password. They cannot view or change other users' passwords.
Open /etc/openldap/slapd.conf
# vim /etc/openldap/slapd.conf
After the line rootdn "cn=Manager,dc=fireblade,dc=com", add the following configuration.
access to attrs=userPassword
    by self write
    by * auth
access to *
    by * read
Save the configuration and restart OpenLDAP:
# /etc/init.d/openldap restart
Giving permission to the manager to update the fields of his employee
# vi /etc/openldap/slapd.conf
After the line rootdn "cn=Manager,dc=fireblade,dc=com", add the following configuration.
access to dn.exact="uid=sulthan,ou=People,dc=fireblade,dc=com"
    attrs=carLicense,homePhone,mobile,pager,telephoneNumber
    by self write
    by set="this/manager & user" write
    by * read
Save the configuration file and restart LDAP using the command below:
# /etc/init.d/ldap restart
NOTE: Create the user sulthan with objectClass: inetOrgPerson, and suresh as his manager, using any LDAP client such as Apache Directory Studio.
The LDIF for both sulthan and suresh is given below.
# The entry DN matches the dn.exact target in the ACL above.
dn: uid=sulthan,ou=People,dc=fireblade,dc=com
objectClass: posixAccount
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: sulthan
gidNumber: 20001
homeDirectory: /home/smunaver
sn: Sulthan Munaver
uid: sulthan
uidNumber: 20000
manager: uid=suresh,ou=People,dc=fireblade,dc=com
telephoneNumber: 666677777777
userPassword:: e1NIQX1QSFo4UWEreEt0b1VBWkR0Z3RzLzJURGk3Nk09

# The entry DN matches the manager value on sulthan's entry, which the set clause compares with the bound DN.
dn: uid=suresh,ou=People,dc=fireblade,dc=com
objectClass: posixAccount
objectClass: top
objectClass: person
cn: suresh
gidNumber: 3001
homeDirectory: /home/suresh
sn: suresh
uid: suresh
uidNumber: 3000
userPassword:: e1NIQX1QSFo4UWEreEt0b1VBWkR0Z3RzLzJURGk3Nk09
Suresh is Sulthan's manager, so he can update the fields carLicense, homePhone, mobile, pager and telephoneNumber on Sulthan's entry.
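As an added illustration (not part of the original post, and not slapd code), the following Python model walks the rules above the way slapd evaluates them: the first matching "access to" directive is selected, then its first matching "by" clause decides the level. It assumes both rule sets sit in one slapd.conf with the catch-all last and compares DNs as plain strings; the function names are hypothetical.

```python
# Simplified model of slapd's first-match ACL evaluation (illustration only).
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write"]
BASE = "ou=People,dc=fireblade,dc=com"
SULTHAN, SURESH = f"uid=sulthan,{BASE}", f"uid=suresh,{BASE}"

# Directory content from the page's LDIF (only the attribute the set clause reads).
ENTRIES = {SULTHAN: {"manager": [SURESH]}, SURESH: {}}
CONTACT = {"carLicense", "homePhone", "mobile", "pager", "telephoneNumber"}

# <what> is (target DN or None, attribute set or None); <who> clauses are tried in order.
# Assumed ordering: both of the page's rule sets in one file, catch-all last.
ACLS = [
    ((None, {"userPassword"}), [("self", "write"), ("*", "auth")]),
    ((SULTHAN, CONTACT),
     [("self", "write"), ("set:this/manager & user", "write"), ("*", "read")]),
    ((None, None), [("*", "read")]),
]

def who_matches(who, bind_dn, target_dn):
    if who == "*":
        return True
    if who == "self":
        return bind_dn is not None and bind_dn == target_dn
    if who == "set:this/manager & user":
        # Intersection of the target entry's manager values with the bound DN.
        return bind_dn in ENTRIES.get(target_dn, {}).get("manager", [])
    return False

def access_level(bind_dn, target_dn, attr, acls=ACLS):
    """Return the level granted; bind_dn=None models an anonymous client."""
    for (dn, attrs), by_clauses in acls:
        if dn not in (None, target_dn) or (attrs is not None and attr not in attrs):
            continue  # this <what> does not cover the entry/attribute
        for who, level in by_clauses:
            if who_matches(who, bind_dn, target_dn):
                return level
        return "none"  # implicit trailing "by * none"
    return "none"  # implicit final "access to * by * none"

def allowed(bind_dn, target_dn, attr, wanted):
    granted = access_level(bind_dn, target_dn, attr)
    return LEVELS.index(granted) >= LEVELS.index(wanted)
```

Moving the catch-all rule to the top of the list makes it win for every attribute, so userPassword becomes readable and the manager rule never applies. A bind DN that differs from the manager value (for example a cn= RDN) gets only read.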