Giving password reset access to non-root user, in LDAP
Hi,
We have two LDAP servers. Whenever we get a ticket to reset the password, we login to LDAP primary server and reset the password. For below example, I logged into primary LDAP server and resetting password to john to Welcome123#
We are giving this work to tier-1 team, so that they can reset these password themself. But I don't want them to have full access or if possible, not able to see the password of Manager, as it is shown in plain text here. It is achievable ?
If no, we can live with it. But don't want to have them root access. This command will run by root, so probably I can give sudo access to their team for "/export/home/ldap/OpenDS-2.2.1/bin/ldappasswordmodify" ?
Code:
[root@ldap-serv1 ~]# /export/home/ldap/OpenDS-2.2.1/bin/ldappasswordmodify -h localhost -p 1636 -Z -X -a 'uid=john,ou=People,dc=abc,dc=com' -n Welcome123# -D 'cn=Manager' -w hdfrevfd87663FreY
The LDAP password modify operation was successful
[root@ldap-serv1 ~]#
Location: Asia Pacific, Cyberspace, in the Dark Dystopia
Posts: 19,118
Thanks Given: 2,351
Thanked 3,359 Times in 1,878 Posts
You can build a wrapper to permit people to reset user passwords without any need to expose underlying credentials.
There are myriad ways to do this and these kind of "wrapper apps" are very common, often written in conjunction with additional custom security and logging.
Hi ,
I ve a question about the Linux system root password change.
Which can be done using grub menu without inputting the old password.:confused:
So If anybody can change the root password without any password and then how it is secure. Anybody can manipulate the other user using the... (6 Replies)
Hello Gurus,
I want One user to su to another without allowing root access and password.
I want to run a specific command as below from user am663:
---------------------------------------------------------
sudo -u appsprj4 /home/appsrj4/scripts/start_apache.sh
-------------------
But... (6 Replies)
Hi All,
I just found one thread on this forum on this subject here:
Forgot MYSQL password root | Unix Linux Forums | Web Development
but unfortunately the issue was not resolved.
I have the same problem with the same error message.
The background is that I built a Solaris 11 x86 server... (11 Replies)
I need some help with Fedora. I am trying to reset the root password. When I tried to login I was not able to. I kept getting the authentication failure message. I got the password reset success message.
passwd: all authentication tokens updated successfully.
I then thought maybe the root... (6 Replies)
How to change the ldap root password.
I have generated the password by using "slappasswd " command, but In my root machine "/etc/ldap/sldap.d" file is not there. instead of the file sldap.d directory only is there. please help me...? (0 Replies)
Hi All,
I have created an RPM installer and installed it via ROOT user & which works fine on Red Hat.
But the problem oocurs when a non root users try to run that application (from their account), it never got executed (being it has the execute permission i.e. chmod a+x somefile.sh).
I want... (6 Replies)
I'm fairly inexperienced with LDAP and DSEE so to build my skills I installed directory server in the global zone of my Sol 10/u7 machine and created a zone to use as a client. For some reason when I try to change a users password as root (in the client zone) with passwd -r ldap I am prompted for... (1 Reply)
Hi,
My root password for mysql has some problem as it dosent allow me to login....
all commands to reset it failed. so I removed mysql
yum remove mysql
and installed it by
yum install mysql mysql-devel mysql-server
and it installed fine
I gave chkconfig --levels 235 mysqld on... (1 Reply)
Hi all,
This is first time I met unix in my life. I purchased old Scanning Elecron Microscope which came with 486/33MHz PC running Unix System V, ver. 3.6. The one simple user name/passw is known so I can boot and login. But can not shutdown! It asks root or su passw. I'm very sensitive not to... (6 Replies)
Hey all,
I'm looking for a script to auto-generate a password for users that forget their password.
Currently, we are using a perl script (with cgi-bin) where users update their password, but would like to add to this and make it so that the users can also request a password reset and a... (1 Reply)
