OpenLDAP admin password after installation - linux

I installed an openLDAP server on Ubuntu 14.04 and set the admin password during the installation. But now I'm not able to connect with this password. cn=admin exists because I can see it when iI login as anonymous user. What can I do?

you can set the admin password with
sudo dpkg-reconfigure slapd
to a new one.
then you need to login with the full credentials of the admin user and the domain, like:
cn=admin,dc=test,dc=com

Run the search
ldapsearch -H ldap:// -x -s base -b "" -LLL "+"
find the dc=xxx,dc=xxx,dc=xxx and then try to run a command, for example:
ldapadd -x -W -D "cn=ldapadm,dc=xxx,dc=xxx,dc=xxx" -f /etc/openldap/slapd.d/xxxxx.ldif
many times is not the password the problem

Related

How to add new Linux user restricted to ssh tunneling with password?

I wanted to create a new user on my linux server so that he can access my postgres database through an ssh tunnel. However, I want him to restrict his access only to the ssh tunnel.
I followed these steps:
login on server as root
Create a new user with useradd new_user -M -s /bin/true
Set a password with passwd new_user
make sure that PasswordAuthentication yes is set and uncomment in /etc/ssh/sshd_config
Restart ssh with sudo systemctl reload sshd
Logout from server and login to server with new user with ssh -p 7822 new_user#my_address.com -N 5433:localhost:5432 (I am using a2hosting as a provider, where I need to use port 7822 for ssh)
However, when I try to login I get the error
Permission denied, please try again.
When I do everything like above but change step 2 into
useradd new_user -m -d /home/new_user
I can successfully login with the new user, however, I then have the possibility to actually access command line, which I try to avoid. What am I doing wrong here?
It could be that /bin/true is not available on the system. As an alternative, use the alternate /bin/false.
Both perform the same function but /bin/false tends to be used more.

sudo su - user -c still asks for original user password

I think this may be a configuration issue, but I'm looking for confirmation/suggestions.
From terminal or script, the following:
user1$ sudo su - user2 -c "pwd"
prompts me for the original user1's password. However, the following:
user1$ sudo su - user2
user2$ pwd
user2$ /home/user2
works just fine.
sudo - l is showing correct permissions for user1 to switch to user2, and I'm a bit stumped as to why passing a command in via -c argument fails, but performing each step individually works just fine.
Thanks in advance for suggestions.
From man sudoers:
runaspw
If set, sudo will prompt for the password of the user defined by the runas_default option (defaults to root) instead of the password of the invoking user when running a command or editing a file. This flag is off by default.
...
targetpw
If set, sudo will prompt for the password of the user specified by the -u option (defaults to root) instead of the password of the invoking user when running a command or editing a file. Note that this flag precludes the use of a uid not listed in the passwd database as an argument to the -u option. This flag is off by default.
You need to check your /etc/sudoers file. Add to it:
Defaults targetpw
To make sudo ask for the target use password always.

Switch user with sudo su command without asking password or sending password as argument

I need to switch to another user with sudo su -user command but I have problems with that because it was asking me password so I type something like
echo mypass | sudo -S su user and it doesn't work also.
How can I switch user without asking me password or can I send somehow password like su user -p password?

Write to stdin which asks for password

I am working on a bash script to configure openldap and add ldif script with users and groups.
How can I write the password from the bash script ?
This is the script I run when it asks for password:
ldapadd -h localhost -D "cn=admin,dc=sysadmin1,dc=hioa,dc=no" -W -x -f /etc/ldap/base.ldif
EDIT:
I tried this and created a passwd.txt file with the password:
ldapadd -h localhost -D "cn=admin,dc=sysadmin1,dc=hioa,dc=no" -W -x -y'passwd.txt' -f /etc/ldap/base.ldif
But gets this error:
Warning: Password file passwd.txt is publicly readable/writeable
ldap_bind: Invalid credentials (49)
man ldapadd.
-W
Prompt for simple authentication. This is used instead of specifying the password on the command line.
-w passwd
Use passwd as the password for simple authentication.
-y passwdfile
Use complete contents of passwdfile as the password for simple authentication.
So seems you are looking for option of -w or -y, not -W
There're two possibilities:
ldapadd reads the password from the standard input.
ldapadd reads the password directly from the current TTY.
In the first case it's enough to use something like this echo 'MySecretPassword' | ldapadd -h localhost -D "cn=admin,dc=sysadmin1,dc=hioa,dc=no" -W -x -f /etc/ldap/base.ldif. The second one is more complicated because you need a tool like expect. Check if the simple redirection works first.

Send passwort to passwd automatically

I have a script, which is installing a guest machine on a xen server.
It installs automatically.
But in one step, I'll be asked for a password.
The following happens:
Enter new UNIX password: Retype new UNIX password: passwd: Authentication token manipulation error
How can I send the password "1234" at this time?
Maybe with expect and send?
Here is the command, which executes passwd:
chroot /mnt/vms/install /usr/bin/passwd root
It's an internal server, so it must not be very secure.
I have used "chpasswd" command in script, after useradd, to do that. For example
useradd -m -s /bin/bash -u 1001 -g 1003 -G sudo newuser || exit 1
echo newuser:newuserpassword | chpasswd || exit 1
Refer to debianadmin or man page.

Resources