Changing LDAP User’s Password Web-Based / 389-ds / Redhat-ds / Fedora-DS / LDAP

Hello,

This article shows how to change the password of LDAP users.

It demonstrates how to change the password for users stored in 389-ds or Redhat-ds.

It is very simple: you only need to change a few parameters, and you will be able to change the passwords of LDAP users in 389-ds.

Note :- This will work if you have not customized the LDAP attributes or access rights for changing passwords. I have successfully tested it on RHEL / CentOS 5.x / CentOS 6.x / RHEL 6.x and 389-ds.

Perform the following steps.

Step 1:- Make sure your LDAP server is configured and you have the correct suffix (i.e. dc=tejasbarot,dc=com)

Step 2 :- Make sure the php-ldap package is installed.

[root@tejas-barot-linux-support-ahmedabad ~]# yum install php-ldap

Step 3 :- Download the following PHP script. Thanks to the original script; I have modified the suffix to make it easier to understand.

[root@tejas-barot-linux-support-ahmedabad ~]# wget -c http://www.tejasbarot.com/Scripts/ldap_pass_change.phps

Step 4:- Now rename the script from ldap_pass_change.phps to ldap_pass_change.php

Step 5 :- Now modify the suffix in the .php file. Open the PHP file and modify the 3rd line, which contains $dn.

Change $dn
from
$dn = "dc=tejasbarot,dc=com";
to
$dn = "dc=your,dc=suffix";
Save and exit the file.

Step 6:- Put this script in your web root directory (i.e. /var/www/html/ )

Step 7:- Make sure that the PHP script is executable by your web server through a URL (i.e. http://ldap.tejasbarot.com or http://localhost/ldap_pass_change.php or http://192.168.1.10/ldap_pass_change.php )

You will see the following screen :-

[Screenshot: LDAP Change Password]

Step 8:- Now fill in the values as in the screenshot below :-

[Screenshot: Fill the Text Boxes]

Step 9 :- Once the password has been changed, you will get a notification like the one below :-

[Screenshot: Successful Password Change]

Thanks to Original Script :- http://www.warden.pl/docs/pass.phps

I hope this helps you all. If you face any issue with this, or it is not working for you somehow, please raise your questions / issues in the comments below.

Enjoy LDAP 🙂 Enjoy Changing Passwords 🙂 Enjoy Linux 🙂 Enjoy Open Source

 

Sudo with LDAP on RHEL 5 | RHDS | Red Hat Directory Server | OpenLDAP | Linux

Hello Friends,

On the Internet this post is known as :- Configuring sudoers with Red Hat Directory Server | Fedora Directory Server | Open Source | Linux

Yesterday at the office I was trying to configure sudo with LDAP. To configure sudo with LDAP I used RHEL 5, and with RHEL I used Red Hat Directory Server and OpenLDAP.

I was very shocked by the results, because I was not sure I would be able to do this in even 2 days, but I was able to configure it and get it working within 15-20 minutes.

Requirement :- Users should authenticate with LDAP.

# cd /usr/share/doc/sudo-1.6.9p17/

[root@station15 sudo-1.6.9p17]# ls
BUGS     HISTORY  README       sample.pam      sample.syslog.conf  schema.OpenLDAP  sudoers.pod  TROUBLESHOOTING  visudo.pod
CHANGES  LICENSE  README.LDAP  sample.sudoers  schema.iPlanet      sudoers2ldif     sudo.pod     UPGRADE
[root@station15 sudo-1.6.9p17]# cp schema.iPlanet /etc/dirsrv/schema/99sudo.ldif
[root@station15 sudo-1.6.9p17]# cp schema.iPlanet /etc/dirsrv/slapd-`hostname -s`/schema/99sudo.ldif
[root@station15 sudo-1.6.9p17]# /etc/init.d/dirsrv restart
Shutting down dirsrv:
station15...                                           [  OK  ]
Starting dirsrv:
station15...                                        [  OK  ]
[root@station15 sudo-1.6.9p17]# /etc/init.d/dirsrv-admin restart
Shutting down dirsrv-admin:
[  OK  ]
Starting dirsrv-admin:                                                            [  OK  ]
### Create an LDIF file which contains the content below
[root@station15 ~]# cat sudoers.ldif
dn: ou=SUDOers,dc=station15,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: SUDOers
[root@station15 ~]# ldapadd -x -c -W -f sudoers.ldif
[root@station15 ~]# cd /usr/share/doc/sudo-1.6.9p17/
[root@station15 sudo-1.6.9p17]# ls
BUGS     HISTORY  README       sample.pam      sample.syslog.conf  schema.OpenLDAP  sudoers.pod  TROUBLESHOOTING  visudo.pod
CHANGES  LICENSE  README.LDAP  sample.sudoers  schema.iPlanet      sudoers2ldif     sudo.pod     UPGRADE
[root@station15 sudo-1.6.9p17]# chmod +x sudoers2ldif
[root@station15 ~]# SUDOERS_BASE=ou=SUDOers,dc=example,dc=com
[root@station15 ~]# SUDOERS_BASE=ou=SUDOers,dc=station15,dc=example,dc=com
[root@station15 ~]# export SUDOERS_BASE
[root@station15 ~]# echo $SUDOERS_BASE
ou=SUDOers,dc=station15,dc=example,dc=com
[root@station15 sudo-1.6.9p17]# ./sudoers2ldif /etc/sudoers > /tmp/sudousers.ldif
[root@station15 sudo-1.6.9p17]# ll /tmp/
total 76
-rw-r--r-- 1 root root  2509 Sep  9 18:33 base.ldif
-rw-r--r-- 1 root root  1639 Sep  9 17:56 buildscript
-rw-r--r-- 1 root root  7388 Sep  9 18:34 group.ldif
-rw-r--r-- 1 root root 17976 Sep  9 18:34 passwd.ldif
-rw------- 1 root root  9760 Sep  9 18:01 setupUP3wwp.log
-rw-r--r-- 1 root root  1517 Sep  9 18:30 sudousers.ldif
[root@station15 sudo-1.6.9p17]# cd
[root@station15 ~]# mv /tmp/sudousers.ldif .
[root@station15 ~]# ldapadd -x -c -W -f sudousers.ldif
Enter LDAP Password:
adding new entry "cn=defaults,ou=SUDOers,dc=station15,dc=example,dc=com"

adding new entry "cn=root,ou=SUDOers,dc=station15,dc=example,dc=com"

adding new entry "cn=tejasbarot,ou=SUDOers,dc=station15,dc=example,dc=com"

adding new entry "cn=visitor,ou=SUDOers,dc=station15,dc=example,dc=com"

adding new entry "cn=linux-support,ou=SUDOers,dc=station15,dc=example,dc=com"

adding new entry "cn=ahmedabad,ou=SUDOers,dc=station15,dc=example,dc=com"

# Configure your client to authenticate with your LDAP Server

[root@station15 ~]# authconfig --enableldap --ldapserver=station15.example.com --ldapbasedn=dc=station15,dc=example,dc=com --disableldapssl --disableldaptls --update
[root@station15 ~]# getent passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
pcap:x:77:77::/var/arpwatch:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
avahi:x:70:70:Avahi daemon:/:/sbin/nologin
xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
gdm:x:42:42::/var/gdm:/sbin/nologin
avahi-autoipd:x:100:101:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin
student:x:500:500::/home/student:/bin/bash
visitor:x:501:501::/home/visitor:/bin/bash
ldap:x:55:55:LDAP User:/var/lib/ldap:/bin/false
apache:x:48:48:Apache:/var/www:/sbin/nologin
linux-support:x:502:502::/home/linux-support:/bin/bash
tejasbarot:x:503:503::/home/tejasbarot:/bin/bash
ahmedabad:x:505:505::/home/ahmedabad:/bin/bash
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
mailnull:x:47:47:mailnull:/var/spool/mqueue:/sbin/nologin
smmsp:x:51:51:smmsp:/var/spool/mqueue:/sbin/nologin
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
pcap:x:77:77:pcap:/var/arpwatch:/sbin/nologin
ntp:x:38:38:ntp:/etc/ntp:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
avahi:x:70:70:Avahi daemon:/:/sbin/nologin
xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
gdm:x:42:42:gdm:/var/gdm:/sbin/nologin
avahi-autoipd:x:100:101:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin
student:x:500:500:student:/home/student:/bin/bash
visitor:x:501:501:visitor:/home/visitor:/bin/bash
ldap:x:55:55:LDAP User:/var/lib/ldap:/bin/false
apache:x:48:48:Apache:/var/www:/sbin/nologin
linux-support:x:502:502:linux-support:/home/linux-support:/bin/bash
tejasbarot:x:503:503:tejasbarot:/home/tejasbarot:/bin/bash
ahmedabad:x:505:505:ahmedabad:/home/ahmedabad:/bin/bash
[root@station15 ~]# echo "SUDOERS_BASE ou=SUDOers,dc=station15,dc=example,dc=com" >> /etc/ldap.conf
[root@station15 ~]# echo "sudoers: ldap" >> /etc/nsswitch.conf

######### Now just remove the entries from the visudo file, log in using LDAP authentication, and execute the command below
[tejasbarot@station15 ~]$ sudo -l
Enter your password when it asks for it, and you will see results like the following :-
sudo: unknown defaults entry `env_keep ' referenced near line 1
User root may run the following commands on this host:
(ALL) ALL

LDAP Role: root
RunAs: (ALL)
Commands:
ALL

[tejasbarot@station15 ~]$ sudo /etc/init.d/network restart
sudo: unknown defaults entry `env_keep ' referenced near line 1
Password:
Shutting down interface eth0:                              [  OK  ]
Shutting down loopback interface:                          [  OK  ]
Bringing up loopback interface:                            [  OK  ]
Bringing up interface eth0:
Determining IP information for eth0... done.
[  OK  ]

That’s It.
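
A review step that fits between running sudoers2ldif and ldapadd above, as an added example that is not part of the original post: it lists which generated sudoRole entries grant ALL commands, ALL hosts, or skip authentication. The LDIF is constructed sample data (trimmed, objectClass lines omitted), and the function names sample_ldif and audit_sudo_ldif are hypothetical.

```shell
# Constructed sample of sudoers2ldif-style output (not taken from a real server).
sample_ldif() {
cat <<'EOF'
dn: cn=defaults,ou=SUDOers,dc=station15,dc=example,dc=com
cn: defaults
sudoOption: env_keep=COLORS DISPLAY HOSTNAME

dn: cn=root,ou=SUDOers,dc=station15,dc=example,dc=com
cn: root
sudoUser: root
sudoHost: ALL
sudoCommand: ALL

dn: cn=visitor,ou=SUDOers,dc=station15,dc=example,dc=com
cn: visitor
sudoUser: visitor
sudoHost: station15
sudoCommand: /etc/init.d/network restart

dn: cn=tejasbarot,ou=SUDOers,dc=station15,dc=example,dc=com
cn: tejasbarot
sudoUser: tejasbarot
sudoHost: ALL
sudoCommand: ALL
sudoOption: !authenticate
EOF
}

# Print "role user flags" for each entry that grants ALL commands or disables
# the password prompt. Flags: C = ALL commands, H = ALL hosts, N = !authenticate.
audit_sudo_ldif() {
  awk '
    function emit(   f) {
      f = (c ? "C" : "") (h ? "H" : "") (n ? "N" : "")
      if (cn != "" && (c || n)) print cn, user, f
      cn = user = ""; c = h = n = 0
    }
    /^$/                           { emit(); next }   # blank line ends an entry
    /^cn: /                        { cn = $2 }
    /^sudoUser: /                  { user = $2 }
    /^sudoCommand: ALL$/           { c = 1 }
    /^sudoHost: ALL$/              { h = 1 }
    /^sudoOption: !authenticate$/  { n = 1 }
    END                            { emit() }
  ' "$@"
}

sample_ldif | audit_sudo_ldif
```

On a real system the function can be given the generated file directly, for example `audit_sudo_ldif /tmp/sudousers.ldif`.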

I hope this helps you all. If you face any issue with this, or it is not working for you somehow, please raise your questions / issues at http://linuxforums.tejasbarot.com

Enjoy Sudo with LDAP 🙂 Enjoy RHDS 🙂 Enjoy Linux 🙂 Enjoy Open Source 🙂

Passed RHCSS (RH423) Exam @ Ahmedabad, Gujarat

Hello Friends,

All of us students were feeling special, as well as somewhat tense, because it was the first batch and the first Linux institute to conduct the RHCSS (RH423) examination in Ahmedabad, Gujarat.

On 27th Feb, 2010, I took the RHCSS (RH423) exam. The exam duration was 4 hrs. The first exam was scheduled at 11:00 a.m. All of us students were waiting eagerly [ with some tension :) ]. The examiner was there from 8:00 a.m. He was setting up servers for the examination.

We were all waiting for his call….. At 11:00 a.m. he came out and, with a nice smile, called us in for the examination. Once we entered the classroom, we were feeling the heat. We all knew this was going to be tough. Once I read the question paper, my tension and pressure went away completely.

We had done enough book exercises, so the pressure was gone within the first 30 minutes of the examination.

Finally, we completed the examination for RH423. It was a great experience to pass this exam. This certification feels like something special.

The result came after a loooonnnnnnggggggg wait of 3 days. The result was PASS. It was a great feeling when I read “Tejas Barot has PASSED the EX423 EXAMINATION”

Wish me luck for RH333, RH429.