Re: ldappasswd question...
On Friday 05 October 2007 18:21:29 Dan Denton wrote:
> Hello list,
>
> I've been halfway successful so far in setting up an ldap server, but have
> run into issues when setting passwords using ldappasswd. The server is RHEL
> 4, running openldap-2.2.13-7.4E (server and clients) provided by RedHat.
If you're just starting ... you may want to reconsider using an ancient
version of openldap that is no longer supported.
There are alternatives:
http://staff.telkomsa.net/packages/rhel4/openldap/
> I've successfully gotten the server listening, and have added entries to
> the database, and can even access it from my outlook installation (browsing
> of course).
>
> When I run the following command on my ldap server, I get the following
> output:
>
> [root@TESTBED002 sbin]# ldappasswd -WS -D
> 'cn=root,ou=users,dc=remitpro,dc=local' jdoe -d 300
> New password:
> Re-enter new password:
> Enter LDAP Password:
> request 1 done
> SASL/DIGEST-MD5 authentication started
> request 2 done
> Please enter your password:
> request 3 done
> ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
> additional info: SASL(-13): user not found: no secret in database
>
> The first two prompts seem pretty straightforward, in that it seems to be
> asking for the user's new password. The second and third have me stumped.
> Is the second password (LDAP Password) the bind password for the root user?
> If so, by entering that, the result is being sent straight to the final
> error message. If I hit enter (blank) at that prompt, I'm sent to the 'MD5'
> prompt, at which point anything I enter gets me the final error message.
Assuming you haven't configured SASL, and you have rootpw set in slapd.conf,
you probably:
1) Need to use the -x flag to not use SASL
2) Instead of providing jdoe, you may want to provide the DN of the user.
3) Use the correct rootdn
So, you may have more success with:
# ldappasswd -x -D cn=root,dc=remitpro,dc=local -W -S cn=jdoe,ou=users,dc=remitpro,dc=local
> rootdn "cn=root,dc=remitpro,dc=local"
> rootpw secret
> dn: cn=jdoe,ou=users,dc=remitpro,dc=local
You may want to consult the man pages ...
Regards,
Buchan
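
The three points in the reply above, as an added example that is not part of the original message or of OpenLDAP: a small shell helper that reads rootdn from a slapd.conf-style file, refuses a bare user name, and prints the simple-bind ldappasswd command. The function names, the sample file, and the optional third argument (which adds -ZZ to require StartTLS, since a simple bind otherwise sends the password unencrypted) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: derive the simple-bind ldappasswd command from slapd.conf.
# Function names and the sample file are constructed, not from the thread.

# Print the rootdn value (quotes stripped). Only lines starting in column 0
# count, because slapd.conf treats indented lines as continuations.
slapd_rootdn() {
    awk '/^rootdn[ \t]/ {
        sub(/^rootdn[ \t]+/, "")
        sub(/[ \t]+$/, "")
        gsub(/"/, "")
        print; exit
    }' "$1"
}

# Return 0 if the argument looks like a DN (attr=value,...), not a bare name.
is_dn() {
    case "$1" in
        *=*) return 0 ;;
        *)   return 1 ;;
    esac
}

# Build the command: -x (simple bind, no SASL), -D <rootdn from the file>,
# -W/-S to prompt for both passwords, then the target user's full DN.
# A non-empty third argument adds -ZZ (require StartTLS).
build_ldappasswd_cmd() {
    conf=$1 user_dn=$2 tls=${3:-}
    bind_dn=$(slapd_rootdn "$conf")
    [ -n "$bind_dn" ] || { echo "no rootdn in $conf" >&2; return 2; }
    is_dn "$user_dn" || { echo "'$user_dn' is not a DN" >&2; return 3; }
    printf "ldappasswd -x %s-D '%s' -W -S '%s'\n" "${tls:+-ZZ }" "$bind_dn" "$user_dn"
}

# Constructed sample built from the two slapd.conf lines quoted in the thread.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
printf 'rootdn "cn=root,dc=remitpro,dc=local"\nrootpw secret\n' > "$sample"
build_ldappasswd_cmd "$sample" 'cn=jdoe,ou=users,dc=remitpro,dc=local'
build_ldappasswd_cmd "$sample" jdoe || echo "rejected bare name (exit $?)"
```

The helper only prints the command; it does not contact a server or read rootpw.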