From 6b7cbc128fb9b989a09d8528d6fc8e7aebf03f93 Mon Sep 17 00:00:00 2001 From: Marisa Date: Thu, 2 Oct 2025 11:47:42 -0400 Subject: [PATCH] Update README.md --- README.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 5ca5892..1fd95dd 100644 --- a/README.md +++ b/README.md @@ -217,7 +217,7 @@ _newpasswd_ being the new password we want to use. We can also notice the hashed In the likely common event that we forgot the old password of an specific user, we need to reset it.\ In this example we forgot the password of the user uid marisa, we can reset it with this command: ``` -root@example:/etc/ldap# ldappasswd -H ldap:/// -x -D "cn=admin,dc=example,dc=com" -W -S "uid=marisa,ou=Supergirls,dc=example,dc=com" +root@example:/# ldappasswd -H ldap:/// -x -D "cn=admin,dc=example,dc=com" -W -S "uid=marisa,ou=Supergirls,dc=example,dc=com" New password: newpasswd Re-enter new password: newpasswd Enter LDAP Password: admin @@ -226,7 +226,7 @@ Note we need to use the **root** password (_admin_ by default) in the last query \ If we want to change the password as the user marisa, we need to use the user's _plain password_ we entered when we created it: ``` -root@example:/etc/ldap# ldappasswd -H ldap:/// -x -D "uid=marisa,ou=Supergirls,dc=example,dc=com" -w _plain password_ -s newpassword "uid=marisa,ou=Supergirls,dc=example,dc=com" +root@example:/# ldappasswd -H ldap:/// -x -D "uid=marisa,ou=Supergirls,dc=example,dc=com" -w _plain password_ -s newpassword "uid=marisa,ou=Supergirls,dc=example,dc=com" ``` With this commmand we changed the user marisa password's from _plain password_ to literally "newpassword", change this as needed.\ `Note we first changed the password interactively (being prompted) using the -W parameter, and later used -w to change it non interactively.` 
@@ -236,7 +236,7 @@ With this commmand we changed the user marisa password's from _plain password_ t we already created the user (_uid_) marisa, and established the user's own password using slappasswd\ now we are gonna query our LDAP server using the user (_uid_) marisa credentials, and _the password we entered during slappasswd, called plain password (plainpasswd)_ ``` -root@example:/etc/ldap# ldapsearch -D uid=marisa,ou=Supergirls,dc=example,dc=com -b "dc=example,dc=com" -w plainpasswd +root@example:/# ldapsearch -D uid=marisa,ou=Supergirls,dc=example,dc=com -b "dc=example,dc=com" -w plainpasswd # extended LDIF # # LDAPv3 @@ -260,7 +260,7 @@ dn: ou=Supergirls,dc=example,dc=com we can narrow this search to get only specific attributes of the user marisa, remember we are using _the plainpasswd when asked_ ``` -root@example:/etc/ldap# ldapsearch -D uid=marisa,ou=Supergirls,dc=example,dc=com -b "dc=example,dc=com" -w plainpasswd givenName uidNumber gidNumber homeDirectory +root@example:/# ldapsearch -D uid=marisa,ou=Supergirls,dc=example,dc=com -b "dc=example,dc=com" -w plainpasswd givenName uidNumber gidNumber homeDirectory # extended LDIF # # LDAPv3 @@ -533,7 +533,7 @@ ldap_bind: Invalid credentials (49) ``` Let's checkout as administrator if the user has some pwd* attributes... ``` -root@example:/etc/ldap/slapd.d# ldapsearch -x -H ldap:/// -D "cn=admin,dc=example,dc=com" -w 1234 -b "uid=reimu,ou=Supergirls,dc=example,dc=com" "(objectclass=*)" pwdFailureTime pwdAccountLockedTime +root@example:/# ldapsearch -x -H ldap:/// -D "cn=admin,dc=example,dc=com" -w 1234 -b "uid=reimu,ou=Supergirls,dc=example,dc=com" "(objectclass=*)" pwdFailureTime pwdAccountLockedTime # extended LDIF # # LDAPv3 
@@ -552,14 +552,14 @@ pwdAccountLockedTime: 20251002133529Z The user has been locked out. It cannot do anything using it's user and password. If we want to unlock it, to give it a clean slate, create the following file ``` -root@example:/etc/ldap/slapd.d# vim unlock_reimu.ldif +root@example:/# vim unlock_reimu.ldif dn: uid=reimu,ou=Supergirls,dc=example,dc=com changetype: modify delete: pwdAccountLockedTime ``` Execute the file to unlock the user ``` -root@example:/etc/ldap/slapd.d# ldapmodify -x -H ldap:/// -D "cn=admin,dc=example,dc=com" -w 1234 -f unlock_reimu.ldif +root@example:/# ldapmodify -x -H ldap:/// -D "cn=admin,dc=example,dc=com" -w 1234 -f unlock_reimu.ldif modifying entry "uid=reimu,ou=Supergirls,dc=example,dc=com" ``` To understand the pwdFailureTime and pwdAccountLockedTime, before when doing our search we got:\
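Review bot: in the hunk at -217,7, the transcript under the changed `ldappasswd ... -W -S` line prints the typed secrets (`New password: newpasswd`, `Enter LDAP Password: admin`), although these prompts do not echo input. A reader comparing the README with their terminal will see empty prompts. Consider showing the prompts without values and naming the passwords in the sentence that follows. The context line above the command also reads "an specific user", which could be corrected to "a specific user" in the same pass.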
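Review bot: in the hunk at -226,7, the rewritten line still passes both the current and the new password as arguments (`-w _plain password_ -s newpassword`), so both end up in shell history and are visible in the process list while the command runs. Since the line is being touched anyway, prefer the prompting form the README already introduces (`-W -S`), or the file-based options `-y` and `-T` for non-interactive use, and keep `-w`/`-s` only with a note that they are for throwaway lab passwords. The unquoted `_plain password_` also contains a space and would be split into two arguments if copied literally. The context line after the fence has two typos ("commmand", "password's").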
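Review bot: in the hunk at -236,7, the changed `ldapsearch` line omits `-x` and `-H ldap:///` and leaves the `-D` DN unquoted, while every `ldappasswd`, `ldapsearch` and `ldapmodify` line elsewhere in this patch carries `-x -H ldap:///` and a quoted DN. Without `-x` the OpenLDAP client tools attempt a SASL bind rather than the simple bind that `-D`/`-w` imply, so the command as written may not behave the same on a reader's host. Suggest `ldapsearch -x -H ldap:/// -D "uid=marisa,ou=Supergirls,dc=example,dc=com" ...` for consistency.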
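Review bot: in the hunk at -260,7, the context sentence says the password is used "when asked", but the command below it supplies it with `-w plainpasswd`, so nothing is asked. Either switch the example to `-W` so the text matches, or reword the sentence to say the password is passed on the command line. The same missing `-x`/`-H` and unquoted `-D` value as in the previous search apply here.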
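Review bot: in the hunk at -533,7, the admin bind uses `-w 1234`, while the text in the hunk at -217,7 tells the reader the root password is "_admin_ by default" and shows `Enter LDAP Password: admin`. Pick one lab value, or better, use `-W` for the `cn=admin` bind so the directory manager password is not shown as a command-line argument at all. Minor wording: "Let's checkout" should be "Let's check".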
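Review bot: in the hunk at -552,14, changing the prompt to `root@example:/#` means `vim unlock_reimu.ldif` now creates the LDIF in the filesystem root, and the following `ldapmodify ... -f unlock_reimu.ldif` reads it from there. The old location inside `/etc/ldap/slapd.d` was not a good place for scratch files either, so consider showing a working directory such as root's home in the prompt for these two commands. The first fence also mixes the `vim` command with the file contents, so a separate fence for the three LDIF lines would make copy and paste unambiguous. The text promises a "clean slate", yet the LDIF removes only `pwdAccountLockedTime`; the `pwdFailureTime` attribute requested in the previous search is left on the entry, so the README should say whether it needs deleting too. Typo in the context line: "using it's user" should be "its".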