Ben's notes

Linux, Unix, network, radio...


openldap_centos7_tls

Differences

This shows you the differences between two versions of the page.

openldap_centos7_tls [2015/09/10 21:44] – [Install and configure OpenLDAP] adminopenldap_centos7_tls [2015/09/15 07:16] – [Install and configure OpenLDAP] admin
Line 132: Line 132:
 EOF EOF
 </code> </code>
 +  * **olcDatabase={2}hdb**: configure indexing:<code># ldapmodify -H ldapi:/// -x -D "cn=config" -W <<EOF
 +dn: olcDatabase={2}hdb,cn=config
 +changetype: modify
 +replace: olcDbIndex
 +olcDbIndex: objectClass eq,pres
 +olcDbIndex: ou,cn,mail,surname,givenname eq,pres,sub
 +olcDbIndex: uid,memberUid,gidNumber eq
 +-
 +EOF
 +</code>
 +
   * Modify the configration so that users can change their own passwords, but cannot view others':<code># ldapmodify -H ldapi:/// -x -D "cn=config" -W <<EOF   * Modify the configration so that users can change their own passwords, but cannot view others':<code># ldapmodify -H ldapi:/// -x -D "cn=config" -W <<EOF
 dn: olcDatabase={2}hdb,cn=config dn: olcDatabase={2}hdb,cn=config
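Review bot: The added `olcDbIndex: uid,memberUid,gidNumber eq` line indexes gidNumber but leaves uidNumber out, so equality searches on the numeric user id stay unindexed; if this directory serves POSIX account lookups, as memberUid and gidNumber suggest, add uidNumber to that line. Note also that `replace: olcDbIndex` discards every index not listed in this block, so any index that exists on the database today and is not repeated here is lost. Compare the current olcDbIndex values against these three lines before applying.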
Line 137: Line 148:
 replace: olcAccess replace: olcAccess
 olcAccess: {0}to attrs=userPassword,shadowLastChange olcAccess: {0}to attrs=userPassword,shadowLastChange
-       by dn.base="cn=Manager,dc=${MYDOMAIN},dc=${MYTLD}" write+       by dn.exact="cn=Manager,dc=${MYDOMAIN},dc=${MYTLD}" write
        by self =xw        by self =xw
        by anonymous auth        by anonymous auth
        by * none        by * none
 olcAccess: {1}to * olcAccess: {1}to *
-       by dn.base="cn=Manager,dc=${MYDOMAIN},dc=${MYTLD}" write+       by dn.exact="cn=Manager,dc=${MYDOMAIN},dc=${MYTLD}" write
        by self read        by self read
        by users read        by users read
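Review bot: In both changed `by dn.exact="cn=Manager,..." write` lines, `exact` is documented in slapd.access(5) as an alias of `base`, so this edit does not change who is granted write access in rule {0} or rule {1}; it should be described as a spelling change rather than an access change. Separately, the Manager DN is assembled from ${MYDOMAIN} and ${MYTLD} inside an unquoted `<<EOF` heredoc, so both variables must be set in the shell that runs ldapmodify, otherwise the rule is submitted with empty dc components and will not match the intended Manager entry. Reading olcAccess back from olcDatabase={2}hdb,cn=config after the modify confirms the DN was expanded as expected.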
openldap_centos7_tls.txt · Last modified: 2021/10/09 15:14 by 127.0.0.1