
RE: Problems with allowing users to change their own passwords



Thanks for the reply.  While the system wasn't logging anything to the
messages file, I trussed the passwd command and saw it was indeed looking
in the /var/ldap files, so I think you hit the nail right on the head!

I was just able to get the ldappasswd command to work, but I've got to try
to figure out now how to make it store what the user types in in {crypt}
format, because while it looks like the password changed, that user can't
log in at all, so it must be getting stored the wrong way.  I'll try to
google it but if anyone has had this problem and solved it, please let me
know how :)

-----Original Message-----
From: Kelly Sauke [mailto:ksauke@fastenal.com]
Sent: Tuesday, May 20, 2003 10:50 AM
To: openldap-software@OpenLDAP.org
Cc: Lawrence, Mike (White Plains)
Subject: Re: Problems with allowing users to change their own passwords


Look in /var/adm/messages.  There is probably something in there stating
that it's trying to use the native ldap client when using the passwd
command.   I've been struggling with the same thing and have come to the
conclusion that for passwd to work, you need to write a wrapper around
it that will contact the openldap server via /etc/ldap.conf instead of
using the Solaris native ldap client.  Just a guess though, I'm still
pretty green when it comes to the Solaris ldap stuff.

KS

Lawrence, Mike (White Plains) wrote:

>Hi - I am using openldap on some Solaris 8 hosts.  So far I am just using
>it to be able to authenticate users via ssh.  I've got it up and working,
>with SSL/TLS (using the padl nss and pam ldap modules).
>
>I've run into a problem now though that has me stumped.  No matter how I
>try to play with ACLs in the slapd.conf file, users aren't able to change
>their own passwords.  The current ACLs I have in place are as follows:
>
>access to attr=userPassword
>        by self write
>        by anonymous auth
>        by * none
>access to *
>        by self write
>        by * read
>
>Here is what happens when I ssh in as an ldap user and use the "passwd"
>command:
>
>>passwd
>passwd:  Changing password for barney
>Enter login(LDAP) password: 
>New password: 
>Re-enter new password: 
>passwd (LDAP): Couldn't change passwd/attributes for barney
>Permission denied
>
>I'm not sure if it's an ACL related issue or not, because the same thing
>happens even with
>these ACLs:
>
>access to * by * write
>access to * by * auth
>access to * by * read
>
>Is there something else I'm missing that might bear on Solaris 8's passwd
>command and 
>openldap and/or the padl pam/nss modules?    If there's any other
>information I can give to
>help troubleshoot this please let me know.  Thanks in advance!
>
>This electronic message transmission contains information from the Company
>that may be proprietary, confidential and/or privileged.
>The information is intended only for the use of the individual(s) or entity
>named above.  If you are not the intended recipient, be
>aware that any disclosure, copying or distribution or use of the contents
>of this information is prohibited.  If you have received
>this electronic transmission in error, please notify the sender immediately
>by replying to the address listed in the "From:" field.
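
One way to check how a changed password was actually stored, as an added example that is not part of the thread: it reads `ldapsearch`-style LDIF, decodes base64 (`userPassword::`) and folded lines, and reports the `{SCHEME}` prefix of each value. The sample entries, the `dc=example,dc=com` suffix and the hash strings are constructed, and the function names are hypothetical; it assumes, as the top message does, that the login path needs a `{crypt}` value.

```python
import base64
import re

SCHEME_RE = re.compile(rb"^\{([A-Za-z0-9_-]+)\}")

def _b64(text):
    return base64.b64encode(text.encode()).decode()

# Constructed sample (not from the thread): hash strings are made up.
_folded = _b64("{SSHA}constructedSaltedHashValue0000")
SAMPLE_LDIF = (
    "dn: uid=barney,ou=People,dc=example,dc=com\n"
    f"userPassword:: {_folded[:16]}\n {_folded[16:]}\n"
    "\n"
    "dn: uid=fred,ou=People,dc=example,dc=com\n"
    "userPassword: {crypt}abCONSTRUCTED\n"
    "\n"
    "dn: uid=wilma,ou=People,dc=example,dc=com\n"
    "userPassword: storedWithoutAnyPrefix\n"
)

def attr_value(line):
    """Split one unfolded LDIF line into (lowercased name, raw value bytes)."""
    name, _, rest = line.partition(":")
    if rest.startswith(":"):  # "attr:: <base64>"
        return name.lower(), base64.b64decode(rest[1:].strip())
    return name.lower(), rest.strip().encode()

def password_schemes(ldif):
    """Map each DN to the storage schemes of its userPassword values."""
    schemes, dn = {}, None
    # LDIF folds long lines: a continuation starts with a single space.
    for line in ldif.replace("\n ", "").splitlines():
        name, value = attr_value(line)
        if name == "dn":
            dn = value.decode()
            schemes[dn] = []
        elif name == "userpassword" and dn is not None:
            m = SCHEME_RE.match(value)
            schemes[dn].append(m.group(1).decode().upper() if m else "NONE")
    return schemes

def not_crypt(ldif):
    """DNs with no {CRYPT} value (assumed unusable by a crypt(3)-comparing login)."""
    return sorted(dn for dn, s in password_schemes(ldif).items() if "CRYPT" not in s)

if __name__ == "__main__":
    for dn, s in password_schemes(SAMPLE_LDIF).items():
        print(dn, s)
```

If the changed entry reports a scheme other than CRYPT, the server-side setting to look at is the `password-hash` directive in slapd.conf(5), which selects the hash slapd applies when it processes a Password Modify operation.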