Hi,
We have two LDAP servers. Whenever we get a ticket to reset a password, we log in to the primary LDAP server and reset the password. In the example below, I logged into the primary LDAP server and am resetting the password of john to Welcome123#
We are giving this work to the tier-1 team, so that they can reset these passwords themselves. But I don't want them to have full access or, if possible, to be able to see the password of Manager, as it is shown in plain text here. Is it achievable?
If not, we can live with it. But I don't want them to have root access. This command will be run by root, so probably I can give sudo access to their team for "/export/home/ldap/OpenDS-2.2.1/bin/ldappasswordmodify"?
[root@ldap-serv1 ~]# /export/home/ldap/OpenDS-2.2.1/bin/ldappasswordmodify -h localhost -p 1636 -Z -X -a 'uid=john,ou=People,dc=abc,dc=com' -n Welcome123# -D 'cn=Manager' -w hdfrevfd87663FreY
The LDAP password modify operation was successful
[root@ldap-serv1 ~]#
Thanks
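One way to delegate the reset described in this post without handing tier-1 root or the Manager password, as an added example that is not part of the original post: sudo is granted on a small wrapper instead of on ldappasswordmodify itself. It assumes the tool's -j (bind password file) option and that the server generates the new password when -n is omitted; the wrapper path, the group name and the password file path are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Hypothetical names: the wrapper
# path /usr/local/sbin/ldap-reset-pw, the group "tier1" and BIND_PW_FILE.
# sudoers entry (edit with visudo) granting only the wrapper, not the raw tool:
#   %tier1 ALL=(root) /usr/local/sbin/ldap-reset-pw
LC_ALL=C; export LC_ALL                  # fixed locale so a-z means ASCII only
LDAPPWMOD=/export/home/ldap/OpenDS-2.2.1/bin/ldappasswordmodify
BIND_PW_FILE=/etc/ldap-reset/manager.pw  # root-owned, mode 0400, one line
BASE='ou=People,dc=abc,dc=com'

# Accept only plain account names, so the caller cannot smuggle in DN
# components (commas, equals signs) or extra command-line options.
valid_uid() {
    case "$1" in
        ''|-*|*[!a-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Succeed only if the bind password file exists and grants nothing to
# group or other (characters 5-10 of the ls mode string).
pw_file_private() {
    [ -f "$1" ] || return 1
    perms=$(ls -ln "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Reset one account under $BASE. The Manager password is read from the file
# by the tool (-j), so it never appears on the command line or in ps output.
# No -n is given: the server is asked to generate the new password.
reset_password() {
    uid=$1
    valid_uid "$uid" || { echo "rejected account name" >&2; return 2; }
    pw_file_private "$BIND_PW_FILE" ||
        { echo "bind password file missing or not private" >&2; return 3; }
    # Audit trail: who asked for which reset.
    logger -t ldap-reset "uid=$uid by ${SUDO_USER:-unknown}" 2>/dev/null || true
    "$LDAPPWMOD" -h localhost -p 1636 -Z -X \
        -D 'cn=Manager' -j "$BIND_PW_FILE" \
        -a "uid=$uid,$BASE"
}

# Run only when called with exactly one argument (the account name).
if [ "$#" -eq 1 ]; then reset_password "$1"; fi
```

Granting sudo on ldappasswordmodify directly would let the caller pass any -a target and would still require them to know the Manager password; the wrapper fixes the bind identity and limits targets to entries under ou=People.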