Reputation: 11
I am attempting to add passwords to 1300 users in my OpenLDAP server for work.
I can add a password to a user if I utilize the following command:
ldappasswd -s newpasswd -w adminpw -D "cn=admin,dc=school,dc=private" "cn=test user,dc=school,dc=private"
I have 1300+ people that I am adding passwords for though, and some users have duplicate names but different uids.
I do the following command when trying to use the UID but it doesn't find the user. The command is the same except for switching cn=test user for uid=testu.
ldappasswd -s newpasswd -w adminpw -D "cn=admin,dc=school,dc=private" "uid=testu,dc=school,dc=private"
According to all of the guides I've seen online this should work. Why do I get a No such object (32) error?
Just to note, I am working on a test server for the moment. The user is made up for test purposes: "cn=Test User", "uid=testu", "uidNumber=1001". The user is in the base of the LDAP, "dc=school,dc=private". There is one group called "People" with a gid=501.
I used http://www.thegeekstuff.com/2015/02/openldap-add-users-groups/ for a guide along with https://www.digitalocean.com/community/tutorials/how-to-manage-and-use-ldap-servers-with-openldap-utilities#various-other-ldap-commands
I am an ldap novice when it comes to adding users/modifying them, but I did build the servers, did set up replication between them and added TLS encryption for them.
Upvotes: 1
Views: 2146
Reputation: 1196
Each LDAP entry is a collection of attributes which are name-value pairs. Usually, you pick a single attribute in the form name=value as the Relative Distinguished Name (RDN) of the entry. Wisely, you pick an attribute with a unique value.
All entries are nodes in a Directory Information Tree (DIT). The path to an entry consists of a sequence of RDNs joined by commas in leaf-to-root (left-to-right) order by convention. This path is called Distinguished Name (DN) and is used to identify the user in the DIT.
As you chose the RDN to be cn=test user you can't address the user with DN uid=testu, dc=school, dc=private, even though an attribute uid with value testu is part of the user entry.
Upvotes: 0
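What the answer implies for the bulk job in the question, as an added example that is not part of the original posts: search for each user's real DN by uid, then give that DN to ldappasswd. The base and admin DN are the question's; ADMIN_PW_FILE, the "uid newpassword" input file layout and the use of simple bind (-x) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original posts. Base and admin DN are the
# question's; ADMIN_PW_FILE, the input file layout and -x are assumptions.
BASE="dc=school,dc=private"
ADMIN="cn=admin,dc=school,dc=private"
ADMIN_PW_FILE="${ADMIN_PW_FILE:-./admin.pw}"   # hypothetical; no trailing newline

# Read `ldapsearch -LLL -o ldif-wrap=no ... dn` output on stdin and print
# the DN. Fails unless exactly one entry matched: 0 means no such uid,
# more than 1 is ambiguous. Base64 DNs ("dn:: ") are rejected, not decoded.
dn_from_ldif() {
    awk '/^dn: /  { n++; dn = substr($0, 5) }
         /^dn:: / { b64 = 1 }
         END      { if (b64 || n != 1) exit 1; print dn }'
}

# Resolve one uid to its DN. The uid is limited to a safe character set
# first, so a value from the input file cannot change the search filter.
lookup_dn() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 2 ;;
    esac
    ldapsearch -x -LLL -o ldif-wrap=no -D "$ADMIN" -y "$ADMIN_PW_FILE" \
        -b "$BASE" "(uid=$1)" dn </dev/null | dn_from_ldif
}

# set_passwords FILE: FILE holds one "uid newpassword" pair per line.
# Passwords go through -y/-T files instead of -w/-s so they do not show
# up in the process list.
set_passwords() {
    umask 077
    tmp=$(mktemp) || return 1
    while read -r uid pw; do
        dn=$(lookup_dn "$uid") || { echo "skip $uid: no unique entry" >&2; continue; }
        printf '%s' "$pw" > "$tmp"
        ldappasswd -x -D "$ADMIN" -y "$ADMIN_PW_FILE" -T "$tmp" "$dn" </dev/null
    done < "$1"
    rm -f "$tmp"
}

# Constructed sample: what the search returns for the question's test user.
SAMPLE='dn: cn=Test User,dc=school,dc=private'
printf '%s\n' "$SAMPLE" | dn_from_ldif   # prints the DN to pass to ldappasswd
```

Both -y and -T use the complete file contents as the password, so the files must not end with a newline.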