java修改ldap用户密码_LDAP 用户更改自己的密码
LDAP中采用了ACL的權(quán)限控制。
在/etc/openldap/slapd.conf文件中:#
#?See?slapd.conf(5)?for?details?on?configuration?options.
#?This?file?should?NOT?be?world?readable.
#
include/etc/openldap/schema/corba.schema
include/etc/openldap/schema/core.schema
include/etc/openldap/schema/cosine.schema
include/etc/openldap/schema/duaconf.schema
include/etc/openldap/schema/dyngroup.schema
include/etc/openldap/schema/inetorgperson.schema
include/etc/openldap/schema/java.schema
include/etc/openldap/schema/misc.schema
include/etc/openldap/schema/nis.schema
include/etc/openldap/schema/openldap.schema
include/etc/openldap/schema/ppolicy.schema
include/etc/openldap/schema/collective.schema
#?Allow?LDAPv2?client?connections.??This?is?NOT?the?default.
allow?bind_v2
#?Do?not?enable?referrals?until?AFTER?you?have?a?working?directory
#?service?AND?an?understanding?of?referrals.
#referralldap://root.openldap.org
pidfile/var/run/openldap/slapd.pid
argsfile/var/run/openldap/slapd.args
#?Load?dynamic?backend?modules
#?-?modulepath?is?architecture?dependent?value?(32/64-bit?system)
#?-?back_sql.la?overlay?requires?openldap-server-sql?package
#?-?dyngroup.la?and?dynlist.la?cannot?be?used?at?the?same?time
#modulepath?/usr/lib/openldap
#?modulepath?/usr/lib64/openldap
#?moduleload?accesslog.la
#?moduleload?auditlog.la
#?moduleload?back_sql.la
#?moduleload?chain.la
#?moduleload?collect.la
#?moduleload?constraint.la
#?moduleload?dds.la
#?moduleload?deref.la
#?moduleload?dyngroup.la
#?moduleload?dynlist.la
#?moduleload?memberof.la
#?moduleload?pbind.la
#?moduleload?pcache.la
#?moduleload?ppolicy.la
#?moduleload?refint.la
#?moduleload?retcode.la
#?moduleload?rwm.la
#?moduleload?seqmod.la
#?moduleload?smbk5pwd.la
#?moduleload?sssvlv.la
#?moduleload?syncprov.la
#?moduleload?translucent.la
#?moduleload?unique.la
#?moduleload?valsort.la
#?The?next?three?lines?allow?use?of?TLS?for?encrypting?connections?using?a
#?dummy?test?certificate?which?you?can?generate?by?running
#?/usr/libexec/openldap/generate-server-cert.sh.?Your?client?software?may?balk
#?at?self-signed?certificates,?however.
TLSCACertificatePath?/etc/openldap/certs
TLSCertificateFile?"\"OpenLDAP?Server\""
TLSCertificateKeyFile?/etc/openldap/certs/password
#?Sample?security?restrictions
#Require?integrity?protection?(prevent?hijacking)
#Require?112-bit?(3DES?or?better)?encryption?for?updates
#Require?63-bit?encryption?for?simple?bind
#?security?ssf=1?update_ssf=112?simple_bind=64
#?Sample?access?control?policy:
#Root?DSE:?allow?anyone?to?read?it
#Subschema?(sub)entry?DSE:?allow?anyone?to?read?it
#Other?DSEs:
#Allow?self?write?access
#Allow?authenticated?users?read?access
#Allow?anonymous?users?to?authenticate
#Directives?needed?to?implement?policy:
#?access?to?dn.base=""?by?*?read
#?access?to?dn.base="cn=Subschema"?by?*?read
#下面的控制權(quán)限的語(yǔ)句。
access?to?dn.subtree="ou=People,dc=bawo,dc=cn"?attrs=userPassword,shadowLastChange
by?dn="cn=admin,dc=bawo,dc=cn"?write
by?self?write
by?anonymous?auth
by?*?read
#access?to?attrs=uid,uidNumber,gidNumber,memberUid
#by?*?read
#?if?no?access?controls?are?present,?the?default?policy
#
#?allows?anyone?and?everyone?to?read?anything?but?restricts
#?updates?to?rootdn.??(e.g.,?"access?to?*?by?*?read")
#
#?rootdn?can?always?read?and?write?EVERYTHING!
#?enable?on-the-fly?configuration?(cn=config)
database?config
access?to?*
by?dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"?manage
by?*?none
#?enable?server?status?monitoring?(cn=monitor)
database?monitor
access?to?*
by?dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"?read
by?dn.exact="cn=admin,dc=bawo,dc=cn"?read
by?*?none
#######################################################################
#?database?definitions
#######################################################################
databasebdb
suffix"dc=XX,dc=cn"
checkpoint1024?15
rootdn"cn=admin,dc=XX,dc=cn"
#?Cleartext?passwords,?especially?for?the?rootdn,?should
#?be?avoided.??See?slappasswd(8)?and?slapd.conf(5)?for?details.
#?Use?of?strong?authentication?encouraged.
rootpw123456
#?rootpw{crypt}ijFYNcSNctBYg
#?The?database?directory?MUST?exist?prior?to?running?slapd?AND
#?should?only?be?accessible?by?the?slapd?and?slap?tools.
#?Mode?700?recommended.
directory/var/lib/ldap
#?Indices?to?maintain?for?this?database
index?objectClass???????????????????????eq,pres
index?ou,cn,mail,surname,givenname??????eq,pres,sub
index?uidNumber,gidNumber,loginShell????eq,pres
index?uid,memberUid?????????????????????eq,pres,sub
index?nisMapName,nisMapEntry????????????eq,pres,sub
添加完上面的語(yǔ)句后,然后需要更新這個(gè)配置文件到ldap的服務(wù)中。service?slapd?stop
rm?-rf?/etc/openldap/slapd.d/
chown?-R?ldap:ldap?/var/lib/ldap
chown?-R?ldap:ldap?/etc/openldap/
#測(cè)試并生成配置文件:
slaptest??-f?/etc/openldap/slapd.conf?-F?/etc/openldap/slapd.d
#返回config?file?testing?succeeded,則配置成功。
chown?-R?ldap:ldap?/etc/openldap/slapd.d
service?slapd?restart
完成之后,就把LDAP的權(quán)限設(shè)置成功了。用戶可以在phpLDAPadmin中自行修改自己的密碼了。
其他設(shè)置項(xiàng)目可以自行探索。
其他權(quán)限設(shè)置參考
總結(jié)
以上是生活随笔為你收集整理的java修改ldap用户密码_LDAP 用户更改自己的密码的全部?jī)?nèi)容,希望文章能夠幫你解決所遇到的問(wèn)題。
- 上一篇: Java编程作业体会_Java作业的几点
- 下一篇: [转载] 1022 D进制的A+B (2