(Readding openldap-technical@openldap.org to the CC list)

On 08/16/12 15:32 -0700, Jeffrey Parker wrote:
The setup that I have is a bit strange; I am not using OpenLDAP to authenticate operating system users. I am using it for other authentication. The authentication works for usermin, which I am using as an interface to change passwords, and for phpldapadmin, and for Hudson continuous integration. That section that you mentioned in the OpenLDAP Administrator's Guide does not give any help; it just says what that means, not any indication of what to do to fix it. As a side note, ldapwhoami does not work because I am not authenticated through LDAP to log in to the computer. I can manually change the password in phpldapadmin, but I need the users to be able to change their own password, which was working, but now it is not working, and I did not change anything since the time that it was working.
I cannot assist you with phpldapadmin or usermin. If you would like users to change their own passwords with the ldappasswd utility, then ldapwhoami is an acid test. Users must be able to authenticate to your ldap server before they can change their passwords for themselves. This is unrelated to how you, or your users, authenticate to the operating system.

When password changes worked, what command (include command line parameters) did your users use?
On Thu, Aug 16, 2012 at 2:30 PM, Dan White <dwhite@olp.net> wrote:

On 08/16/12 14:06 -0700, Jeffrey Parker wrote:

I cannot seem to find anything helpful about this issue. I had it working before when I first set up OpenLDAP and I have not changed any settings since then. The only thing I can seem to find is a suggestion saying to use -x when running ldappasswd. When I use -x I get the error below:

Result: Strong(er) authentication required (8)
Additional info: only authenticated users may change passwords

If binding with -x, you'll need to provide a bind dn (-D) and a password.

I am running OpenLDAP, I am not sure what version but it is somewhat new. It is running on Turnkey Linux (ubuntu 10.04 based) and is in a virtual machine.

The error message is briefly discussed in the OpenLDAP Administrator's Guide (section H.17). Verify that you are able to bind to the server with 'ldapwhoami', with your credentials. Once that succeeds, verify that your entry contains a 'userPassword' attribute, and that the user you are binding with has the permissions to change it.

-- Dan White
-- Dan White
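
The checks described in this thread, in order, as an added example that is not part of the original messages. The server URI default, the function names and the return codes are assumptions made for illustration; the bind DN is supplied by the caller.

```shell
#!/bin/sh
# Added example: the diagnostic order from the thread, one step per check.
# LDAP_URI is an assumed default; point it at your own server.
LDAP_URI="${LDAP_URI:-ldap://localhost}"

# diagnose_passwd_change BIND_DN
# Return codes (chosen for this example):
#   0  simple bind works and the entry shows a userPassword attribute
#   1  simple bind failed (wrong DN or password, or server unreachable)
#   2  bind worked but no userPassword attribute was returned
diagnose_passwd_change() {
    bind_dn=$1

    # Step 1, the "acid test": -x selects a simple bind, which needs a
    # bind DN (-D) and a password (-W prompts for it). Without them the
    # bind is anonymous and the server answers
    # "only authenticated users may change passwords".
    ldapwhoami -x -H "$LDAP_URI" -D "$bind_dn" -W >/dev/null || return 1

    # Step 2: read the user's own entry and look for userPassword.
    # If the ACLs let the user write but not read the attribute, this
    # reports 2 even though the attribute exists; check as an admin then.
    ldapsearch -x -LLL -H "$LDAP_URI" -D "$bind_dn" -W \
        -b "$bind_dn" -s base userPassword |
        grep -qi '^userPassword:' || return 2

    return 0
}

# change_own_password BIND_DN
# Step 3: with no user argument, ldappasswd changes the password of the
# identity that bound. -S prompts for the new password. A failure at
# this point, after step 1 and 2 passed, points at the server's access
# control on userPassword for this user.
change_own_password() {
    ldappasswd -x -H "$LDAP_URI" -D "$1" -W -S
}
```

Call `diagnose_passwd_change` with the user's full DN before `change_own_password`; the first non-zero return code tells you which of the steps from the thread to look at.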