[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldappasswd gives error ldap_sasl_interactive_bind_s: No such attribute (16)



Keeping replies on openldap-technical@openldap.org is recommended, since it
gives you more eyes for your problem.

 On Thu, Aug 16, 2012 at 2:30 PM, Dan White <dwhite@olp.net> wrote:
 On 08/16/12 14:06 -0700, Jeffrey Parker wrote:
 I cannot seem to find anything helpful about this issue. I had it
 working before when I first setup OpenLDAP and I have not changed
 any settings since then. The only thing I can seem to find is
 suggestion saying to use -x when running ldappasswd. When I use -x I
 get the error below

Result: Strong(er) authentication required (8)
Additional info: only authenticated users may change passwords


If binding with -x, you'll need to provide a bind dn (-D) and a password.

 I am running OpenLDAP, I am not sure what version but it is somewhat
 new.

The error messages is briefly discussed in the OpenLDAP Administrator's
Guide (section H.17).

Verify that you are able to bind to the server with 'ldapwhoami', with
your credentials. Once that succeeds, verify that your entry contains
a 'userPassword' attribute, and that the user you are binding with has
the permissions to change it.

On Aug 17, 2012 9:08 AM, "Dan White" <dwhite@olp.net> wrote:
On 08/16/12 15:32 -0700, Jeffrey Parker wrote:

The setup that I have is a bit strange, I am not using OpenLDAP to
authenticate operating system users. I am using it for other
authentication. The authentication works for usermin which I am using
as an interface to change passwords and for phpldapadmin, and for
Hudson continuous integration. That section that you mentioned in the
OpenLDAP Administrator's guide does not give any help it just says what
that means not any indication on what to do to fix it. As a side note
ldapwhoami does not work because I am not authenticated through ldap to
login to the computer. I can manually change the password in
phpldapadmin, but I need the users to be able to change their own
password which was working but now it is not working and I did not
change anything since the time that it was working.

A cannot assist you with phpldapadmin or usermin.

If you would like users to change their own passwords with the ldappasswd
utility, then ldapwhoami is an acid test. Users must be able to
authenticate to your ldap server before they can change their passwords for
themselves. This is unrelated to how you, or your users, authenticate to
the operating system.

When password changes worked, what command (include command line
parameters) did your users use?

On 08/17/12 09:46 -0700, Jeffrey Parker wrote:
Usermin runs ldappasswd. The command-line options when it worked are the
same as I tried before, just ldappasswd. Users can authenticate without any
issue.

Common ldappasswd examples include:

for simple binds:

ldappasswd -x -D "uid=jsmith,dc=example,dc=net" -W -s "new_password"

for sasl binds:

ldappasswd -Y digest-md5 -U jsmith -s "new_password"

What are the contents of the following files, if they exist?

/etc/ldap/ldap.conf (or your system's equivalent)
$HOME/ldaprc
$HOME/.ldaprc
./ldaprc

Consult the manpages for ldap.conf and ldappasswd.

--
Dan White