
RE: configure OpenLDAP to allow directory users - change pass



You mean like so: ldappasswd -x -D cn=annem,dc=mydomain,dc=com

I also tried: ldappasswd -x -D cn=annem,dc=mydomain,dc=com -w newpassword

Yes, I tried that. No dice. It gives me an error:

"additional info: unauthenticated bind (DN with no password) disallowed"

Which of course means the regular user isn't allowed to bind to their own
account and their password. So, I'm back to the drawing board. I still can't
figure out how to change slapd.conf to enable regular users to change their
own passwords...

Bugger... 

-----Original Message-----
From: Gavin Henry [mailto:ghenry@suretecsystems.com] 
Sent: Friday, September 14, 2007 11:52 AM
To: Anne Moore
Cc: openldap-software@openldap.org
Subject: RE: configure OpenLDAP to allow directory users - change pass

<quote who="Anne Moore">
> Haha, yah perhaps so! However, that didn't work either. Now I just get 
> another set of errors:
>
> "Result: Strong(er) authentication required (8) Additional info: only 
> authenticated users may change passwords"
>
> This is a major pain in the butt...
>
> I just wish there was documentation out there on the basics of this
> setup, but so far, I've found nothing...

Did you bind as the user you were changing the password for? with -x -D -W ?

>
> Thanks anyway
>
> -----Original Message-----
> From: Gavin Henry [mailto:ghenry@suretecsystems.com]
> Sent: Friday, September 14, 2007 11:20 AM
> To: Anne Moore
> Cc: openldap-software@openldap.org
> Subject: RE: configure OpenLDAP to allow directory users - change pass
>
> <quote who="Anne Moore">
>> We've tried the ldappasswd on the clients and receive this error:
>
> ldappasswd -x
>
> You're going to have to try a bit harder ;-)
>
>>
>> "ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
>> additional info: SASL(-13): user not found: no secret in database"
>>
>> Obviously something is not configured correctly.
>>
>> Any ideas on this error?
>>
>> Thank you
>>
>> Anne
>>
>> -----Original Message-----
>> From: openldap-software-bounces+diabeticithink=yahoo.com@OpenLDAP.org
>> [mailto:openldap-software-bounces+diabeticithink=yahoo.com@OpenLDAP.org]
>> On Behalf Of Kurt Zeilenga
>> Sent: Friday, September 14, 2007 2:20 AM
>> To: Anne Moore
>> Cc: openldap-software@openldap.org
>> Subject: Re: configure OpenLDAP to allow directory users - change pass
>>
>>
>> On Sep 13, 2007, at 3:12 PM, Anne Moore wrote:
>>
>>> Hi All
>>>
>>> Does anyone know how to configure OpenLDAP to allow directory users 
>>> to change their own passwords?
>>>
>>> I'm using Openldap-2.2.13-7.4E (on my RedHat server)
>>>
>>> As it is now, I have to change everyone's directory password for 
>>> them and the security department isn't liking it.
>>
>> What do ldappasswd(1) and/or ldapmodify(1) say when changing the 
>> directory user's password when run as the user (instead of you or the 
>> Directory Manager)?
>>
>> Note: If the users are using some other software, you might have a 
>> problem with that software.  But before raising an issue (on a list 
>> about the other software, not here) you should make sure things work 
>> using only OpenLDAP Software.  So, even if your users aren't using 
>> these tools, you should test with them (as a user) before doing 
>> anything else.
>>
>> -- Kurt
>>
>>
>
>
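The three failures quoted in this thread each follow from the kind of bind the client flags select. The sketch below is an added example, not code from the thread or from the OpenLDAP project; `classify_bind`, `diagnose` and `THREAD_ERRORS` are hypothetical names, and the option handling assumes the common `ldappasswd` flags only.

```python
import shlex

# Client-tool options that consume the following argument.
TAKES_VALUE = {"-D", "-w", "-y", "-s", "-a", "-T", "-t", "-H", "-h", "-p", "-U", "-Y"}

# Server responses quoted in the thread, keyed by the bind type that produced them.
THREAD_ERRORS = {
    "sasl": "SASL(-13): user not found: no secret in database",
    "anonymous": "only authenticated users may change passwords",
    "unauthenticated": "unauthenticated bind (DN with no password) disallowed",
    "authenticated": None,  # the bind itself is well-formed
}

def classify_bind(command):
    """Return the kind of bind an ldappasswd command line will attempt."""
    argv = shlex.split(command)[1:]
    opts, i = {}, 0
    while i < len(argv):
        if argv[i] in TAKES_VALUE and i + 1 < len(argv):
            opts[argv[i]] = argv[i + 1]
            i += 2
        else:
            opts[argv[i]] = True  # boolean flag or positional user DN
            i += 1
    if "-x" not in opts:
        return "sasl"             # no simple bind requested, SASL is attempted
    if not opts.get("-D"):
        return "anonymous"        # simple bind with empty DN and empty password
    # -w VALUE, -W (prompt) and -y FILE supply the *bind* password;
    # -s VALUE / -S (prompt) supply the *new* password and do not authenticate.
    if not (opts.get("-w") or "-W" in opts or "-y" in opts):
        return "unauthenticated"  # DN sent with a zero-length password
    return "authenticated"

def diagnose(command):
    """Pair the bind type with the error the thread reports for it."""
    kind = classify_bind(command)
    return kind, THREAD_ERRORS[kind]

if __name__ == "__main__":
    dn = "cn=annem,dc=mydomain,dc=com"  # DN taken from the thread
    for cmd in ("ldappasswd", "ldappasswd -x", f"ldappasswd -x -D {dn}",
                f"ldappasswd -x -D {dn} -s newpassword",  # constructed sample
                f"ldappasswd -x -D {dn} -W -S"):          # constructed sample
        print(f"{cmd!r:62} -> {diagnose(cmd)}")
```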