Red Hat Directory Server 8.0 Administrator's Guide

The commands to stop and start the Directory Server on platforms other than Red Hat Enterprise Linux is described in

Section 3, “Starting and Stopping Servers”.

ldapmodify -h myserver -p 389 -D "cn=directory manager" -w secretpwd

dn: cn=config

changetype: modify

replace: nsslapd-pwpolicy-local: on

nsslapd-pwpolicy-local: off

This attribute can also be disabled by modifying it directly in the configuration file (dse.ldif).

1. Stop the server.

service dirsrv stop instance

2. Open the dse.ldif file in a text editor.

3. Set the value of nsslapd-pwpolicy-local to off, and save.

nsslapd-pwpolicy-local: off

4. Start the server.

service dirsrv start instance

1.2. Setting User Passwords

An entry can be used to bind to the directory only if it has a userpassword attribute and if it has

not been inactivated. Because user passwords are stored in the directory, the user passwords

can be set or reset with any LDAP operation, like ldapmodify.

For information on creating and modifying directory entries, see Chapter 2, Creating Directory

Entries. For information on inactivating user accounts, refer to Section 2, “Inactivating Users and

Roles”.

Passwords can also be set and reset in the Users and Groups area of the Administration

Server. For information on how to use the Users and Groups area, see the online help that is

available in the Red Hat Administration Server.

1.3. Password Change Extended Operation

While most passwords can be changed through the Console and other Directory Server

features or through the ldapmodify operation, there are some passwords that cannot be

changed through regular LDAP operations. These passwords may be stored outside the

Directory Server, such as passwords stored in a SASL application. These passwords can be

modified through the password change extended operation.

Setting User Passwords

255