[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: updates to userPassword, slap_passwd
- To: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Subject: Re: updates to userPassword, slap_passwd
- From: samuel gipe <sgipe@yahoo.com>
- Date: Thu, 6 Jul 2006 12:08:40 -0700 (PDT)
- Cc: openldap-software@OpenLDAP.org
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:Received:Date:From:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=GRObBesPV6YD1NvHDaOAA2xxhGstHjtbaehpREXeC/Kk1kUehagk9WxuOGWlLoEVR/dXb6OwAKSLBLFk8MmG4u+H8YSc3GRSVkJoZkhzXNZb022kZNP7E/fVQ2WtetgZ1RD85IUrWdSzM425P+1ubEq3ds6oW6olNQTcOaeLPrk= ;
- In-reply-to: <7.0.1.0.0.20060705161342.04497990@OpenLDAP.org>
Thanks for your help. I have a few follow up questions:
1) Does the server/slap_passwd generate an arbitrary password if no new
password is given?
2) Are the strings "id" and "new" (following "PASSMOD") indicative of the
client sending the userIdentity and new password?
3) If the logs don't show the serve using slap_passwd (as in those of our
primary), what does the server use to generate a new password? Does
slap_passwd pay attention to ppolicy?
FWIW, it looks like the client provides the userIdentity and new password to
the secondary, but fails to provide the same info when it chases the referral.
Log excerpts from our primary and secondary servers, with my commentary:
#### Client hits secondary, provides userIdentity and new password:
Jul 6 10:58:57 sec-ldap101 slapd[18160]: conn=0 op=6 PASSMOD
id="uid=sam,ou=People,dc=ourcompany,dc=com" new
Jul 6 10:58:57 sec-ldap101 slapd[18160]: daemon: activity on 1 descriptor
Jul 6 10:58:57 sec-ldap101 slapd[18160]: >>> dnPrettyNormal:
<uid=sam,ou=People,dc=ourcompany,dc=com>
Jul 6 10:58:57 sec-ldap101 slapd[18160]: daemon: activity on:
Jul 6 10:58:57 sec-ldap101 slapd[18160]: <<< dnPrettyNormal:
<uid=sam,ou=People,dc=ourcompany,dc=com>,
<uid=sam,ou=people,dc=ourcompany,dc=com>
Jul 6 10:58:57 sec-ldap101 slapd[18160]:
Jul 6 10:58:57 sec-ldap101 slapd[18160]:
bdb_dn2entry("uid=sam,ou=people,dc=ourcompany,dc=com")
Jul 6 10:58:58 sec-ldap101 slapd[18160]: daemon: select: listen=7
active_threads=1 tvp=zero
Jul 6 10:58:58 sec-ldap101 slapd[18160]: send_ldap_extended: err=10 oid= len=0
Jul 6 10:58:58 sec-ldap101 slapd[18160]: daemon: select: listen=8
active_threads=1 tvp=zero
Jul 6 10:58:58 sec-ldap101 slapd[18160]: send_ldap_response: msgid=7 tag=120
err=10
#### Secondary provides referral
Jul 6 10:58:58 sec-ldap101 slapd[18160]: send_ldap_response:
ref="ldap://prim-ldap101.ourcompany.com"
Jul 6 10:58:58 sec-ldap101 slapd[18160]: conn=0 op=6 RESULT oid= err=10 text=
#### Client hits primary, does not provide userIdentity and new password:
Jul 6 10:59:04 prim-ldap101 slapd[12073]: conn=0 op=2 PASSMOD
Jul 6 10:59:04 prim-ldap101 slapd[12073]: daemon: activity on 1 descriptor
Jul 6 10:59:04 prim-ldap101 slapd[12073]:
bdb_dn2entry("uid=sam,ou=people,dc=ourcompany,dc=com")
Jul 6 10:59:04 prim-ldap101 slapd[12073]: daemon: activity on:
#### Primary updates password using slap_passwd (unknown password).
Jul 6 10:59:04 prim-ldap101 slapd[12073]: slap_passwd_generate
Jul 6 10:59:04 prim-ldap101 slapd[12073]:
Jul 6 10:59:04 prim-ldap101 slapd[12073]: slap_passwd_return: 8
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com