[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: password changing problems



Ron Echeverri wrote:
I've set up OpenLDAP 2.4.10 and have been using phpldapadmin for user
management.  The machines in our QA environment are set up to allow
LDAP
users to log in, and they are also able to change their password via
the
passwd command.  However, they are only able to do this once; if they
attempt it again, it bounces back with "LDAP Password incorrect: try
again".  They are able to log out and in regardless, but passwd will
not
accept their password in order to change it.  If the user's password is
reset in phpldapadmin, again they are able to change the password once,
and no more.

I'd like to thank Kim Nguyen for giving me the solution to my problem: reconfiguring OpenLDAP with --enable-crypt (which, inexplicably, is off by default). Once i recompiled slapd, i was able to change passwords as often as i liked.

You shouldn't use {CRYPT} as password scheme in phpldapadmin. Its implementation may differ on different OS platforms (e.g. when running phpldapadmin on a different platform). This is a good reason for --enable-crypt being off by default. Use {SSHA} instead for new passwords and let old password age.


Ciao, Michael.