okasion/ldapdock
2
1
Fork 0
Code Issues 9 Pull Requests Actions Packages Projects 1 Releases Wiki Activity

Update README.md

Browse Source
This commit is contained in:
Marisa 2025-10-02 11:47:42 -04:00
parent fad035bcf4
commit 6b7cbc128f
1 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
README.md
View File

@ -217,7 +217,7 @@ _newpasswd_ being the new password we want to use. We can also notice the hashed
In the likely common event that we forgot the old password of an specific user, we need to reset it.\ In the likely common event that we forgot the old password of an specific user, we need to reset it.\
In this example we forgot the password of the user uid marisa, we can reset it with this command: In this example we forgot the password of the user uid marisa, we can reset it with this command:
``` ```
root@example:/etc/ldap# ldappasswd -H ldap:/// -x -D "cn=admin,dc=example,dc=com" -W -S "uid=marisa,ou=Supergirls,dc=example,dc=com" root@example:/# ldappasswd -H ldap:/// -x -D "cn=admin,dc=example,dc=com" -W -S "uid=marisa,ou=Supergirls,dc=example,dc=com"
New password: newpasswd New password: newpasswd
Re-enter new password: newpasswd Re-enter new password: newpasswd
Enter LDAP Password: admin Enter LDAP Password: admin
@ -226,7 +226,7 @@ Note we need to use the **root** password (_admin_ by default) in the last query
\ \
If we want to change the password as the user marisa, we need to use the user's _plain password_ we entered when we created it: If we want to change the password as the user marisa, we need to use the user's _plain password_ we entered when we created it:
``` ```
root@example:/etc/ldap# ldappasswd -H ldap:/// -x -D "uid=marisa,ou=Supergirls,dc=example,dc=com" -w _plain password_ -s newpassword "uid=marisa,ou=Supergirls,dc=example,dc=com" root@example:/# ldappasswd -H ldap:/// -x -D "uid=marisa,ou=Supergirls,dc=example,dc=com" -w _plain password_ -s newpassword "uid=marisa,ou=Supergirls,dc=example,dc=com"
``` ```
With this commmand we changed the user marisa password's from _plain password_ to literally "newpassword", change this as needed.\ With this commmand we changed the user marisa password's from _plain password_ to literally "newpassword", change this as needed.\
`Note we first changed the password interactively (being prompted) using the -W parameter, and later used -w to change it non interactively.` `Note we first changed the password interactively (being prompted) using the -W parameter, and later used -w to change it non interactively.`
@ -236,7 +236,7 @@ With this commmand we changed the user marisa password's from _plain password_ t
we already created the user (_uid_) marisa, and established the user's own password using slappasswd\ we already created the user (_uid_) marisa, and established the user's own password using slappasswd\
now we are gonna query our LDAP server using the user (_uid_) marisa credentials, and _the password we entered during slappasswd, called plain password (plainpasswd)_ now we are gonna query our LDAP server using the user (_uid_) marisa credentials, and _the password we entered during slappasswd, called plain password (plainpasswd)_
``` ```
root@example:/etc/ldap# ldapsearch -D uid=marisa,ou=Supergirls,dc=example,dc=com -b "dc=example,dc=com" -w plainpasswd root@example:/# ldapsearch -D uid=marisa,ou=Supergirls,dc=example,dc=com -b "dc=example,dc=com" -w plainpasswd
# extended LDIF # extended LDIF
# #
# LDAPv3 # LDAPv3
@ -260,7 +260,7 @@ dn: ou=Supergirls,dc=example,dc=com
we can narrow this search to get only specific attributes of the user marisa, remember we are using _the plainpasswd when asked_ we can narrow this search to get only specific attributes of the user marisa, remember we are using _the plainpasswd when asked_
``` ```
root@example:/etc/ldap# ldapsearch -D uid=marisa,ou=Supergirls,dc=example,dc=com -b "dc=example,dc=com" -w plainpasswd givenName uidNumber gidNumber homeDirectory root@example:/# ldapsearch -D uid=marisa,ou=Supergirls,dc=example,dc=com -b "dc=example,dc=com" -w plainpasswd givenName uidNumber gidNumber homeDirectory
# extended LDIF # extended LDIF
# #
# LDAPv3 # LDAPv3
@ -533,7 +533,7 @@ ldap_bind: Invalid credentials (49)
``` ```
Let's checkout as administrator if the user has some pwd* attributes... Let's checkout as administrator if the user has some pwd* attributes...
``` ```
root@example:/etc/ldap/slapd.d# ldapsearch -x -H ldap:/// -D "cn=admin,dc=example,dc=com" -w 1234 -b "uid=reimu,ou=Supergirls,dc=example,dc=com" "(objectclass=*)" pwdFailureTime pwdAccountLockedTime root@example:/# ldapsearch -x -H ldap:/// -D "cn=admin,dc=example,dc=com" -w 1234 -b "uid=reimu,ou=Supergirls,dc=example,dc=com" "(objectclass=*)" pwdFailureTime pwdAccountLockedTime
# extended LDIF # extended LDIF
# #
# LDAPv3 # LDAPv3
@ -552,14 +552,14 @@ pwdAccountLockedTime: 20251002133529Z
The user has been locked out. It cannot do anything using it's user and password. The user has been locked out. It cannot do anything using it's user and password.
If we want to unlock it, to give it a clean slate, create the following file If we want to unlock it, to give it a clean slate, create the following file
``` ```
root@example:/etc/ldap/slapd.d# vim unlock_reimu.ldif root@example:/# vim unlock_reimu.ldif
dn: uid=reimu,ou=Supergirls,dc=example,dc=com dn: uid=reimu,ou=Supergirls,dc=example,dc=com
changetype: modify changetype: modify
delete: pwdAccountLockedTime delete: pwdAccountLockedTime
``` ```
Execute the file to unlock the user Execute the file to unlock the user
``` ```
root@example:/etc/ldap/slapd.d# ldapmodify -x -H ldap:/// -D "cn=admin,dc=example,dc=com" -w 1234 -f unlock_reimu.ldif root@example:/# ldapmodify -x -H ldap:/// -D "cn=admin,dc=example,dc=com" -w 1234 -f unlock_reimu.ldif
modifying entry "uid=reimu,ou=Supergirls,dc=example,dc=com" modifying entry "uid=reimu,ou=Supergirls,dc=example,dc=com"
``` ```
To understand the pwdFailureTime and pwdAccountLockedTime, before when doing our search we got:\ To understand the pwdFailureTime and pwdAccountLockedTime, before when doing our search we got:\