"Fossies" - the Fresh Open Source Software Archive

Member "ldap-account-manager-7.0/docs/manual/ch07.html" (21 Dec 2019, 3985 Bytes) of package /linux/privat/ldap-account-manager-7.0.tar.bz2:


Caution: In this restricted "Fossies" environment the current HTML page may not be correctly presentated and may have some non-functional links. You can here alternatively try to browse the pure source code or just view or download the uninterpreted raw source code. If the rendering is insufficient you may try to find and view the page on the ldap-account-manager-7.0.tar.bz2 project site itself.

Chapter 7. Self service (LAM Pro)

Preparations

OpenLDAP ACLs

By default only a few administrative users have write access to the LDAP database. Before your users may change their settings you must allow them to change their LDAP data.

Hint: The ACLs below are not required if you decide to run all operations as the LDAP bind user (option "Use for all operations").

This can be done by adding ACLs to your slapd.conf or slapd.d/cn=config/olcDatabase={1}bdb.ldif which look similar to these:

access to

attrs=userPassword

by self write

by anonymous auth

by * none


access to

attrs=mail,sn,givenName,telephoneNumber,mobile,facsimileTelephoneNumber,street,postalAddress,postOfficeBox,postalCode,roomNumber,shadowLastChange,passwordSelfResetAnswer,passwordSelfResetQuestion,passwordSelfResetBackupMail

by self write

by * read

If you do not want them to change all attributes then reduce the list to fit your needs. Some modules may require additional LDAP attributes. You can use the tree view to get the technical attribute names e.g. by selecting an user account.

Usually, the slapd.conf file is located in /etc/ldap or /etc/openldap.

Other LDAP servers

There exist many LDAP implementations. If you do not use OpenLDAP you need to write your own ACLs. Please check the manual of your LDAP server for instructions.