
Re: Password Issues between provider and consumer

Anyone?
Siddharth Choure
Senior Systems Engineer

On 11/22/13, 4:15 PM, "Choure, Sidd" <schoure@apartments.com> wrote:

>Everything is set up on RHEL 6.4 with OpenLDAP 2.4.
>
>I have one provider and one consumer. StartTLS has been enabled and
>everything is working as intended. My only problem arises here:
>when a user is set up with a password and he tries to change his password
>on a consumer-pointing client, I get "passwd: Authentication token
>manipulation error". This message is misleading, since the password is in
>fact changed on the provider (I have the olcUpdateRef directive set up).
>This creates a situation where the user can log in to consumer-pointed
>boxes with his old password and provider-pointed boxes with his new
>password. If the user tries to change his password for the second time on
>consumer-pointed boxes, I get "Password change failed. Server message:
>unwilling to verify old password" and "passwd: Authentication token
>manipulation error", which understandably is because the password in the
>actual LDAP db is different from what is being supplied and being
>accepted by the client. What is going on here? Why isn't the password
>getting updated properly in the consumer?
>
>Here are some of the relevant snippets of configs -
>For Syncrepl in olcDatabase={2}bdb.ldif on consumer
>
>
>###For Replication
>olcSyncrepl: rid=100
>  provider="ldap://server.com"
>  type=refreshAndPersist
>  retry="60 30 300 +"
>  searchbase="dc=ex,dc=example,dc=com"
>  bindmethod=simple
>  binddn="cn=Manager,dc=ex,dc=example,dc=com"
>  credentials=secret
>  starttls=yes
>  tls_cacert=/etc/pki/CA/cacert.pem
>  tls_cert=/etc/pki/tls/certs/cert.pem
>  tls_key=/etc/pki/tls/certs/key.pem
>olcUpdateRef: ldap://server.com
>
>
>ACL on provider -
>
>olcAccess: to attrs=userPassword
>       by self write
>       by dn.base="cn=Manager,dc=ex,dc=example,dc=com" write
>       by anonymous auth
>       by * none
>olcAccess: to *
>       by self write
>       by dn.base="cn=Manager,dc=ex,dc=example,dc=com" write
>       by users read
>olcAccess: to attrs=entry
>       by dn.base="cn=Manager,dc=ex,dc=example,dc=com" write
>       by * read
>
>
>Let me know if any more configs are needed and I will post them. Any help
>is appreciated.
>
>Siddharth Choure
>Senior Systems Engineer
>
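The first thing worth checking in the setup described above is whether the
consumer is receiving updates from the provider at all. With olcUpdateRef the
consumer does not apply the password change itself; it answers the write with
a referral to the provider, and the new userPassword only reaches the consumer
through syncrepl. If the consumer's contextCSN keeps trailing the provider's,
the change is landing on the provider but never arriving. The script below is
an added example for this thread, not code from the original poster. It
compares the contextCSN of the suffix entry on both servers. The LDIF in it is
constructed sample data; the host, bind DN and suffix are the ones from the
post, and the ldapsearch command in the docstring is what you would run to
get the real values.

```python
"""Compare provider and consumer contextCSN to see if syncrepl has converged.

Added example, not the original poster's code. The LDIF below is constructed;
the real input is the output of a base-scope search on each server, e.g.

    ldapsearch -LLL -ZZ -x -H ldap://server.com \
        -D "cn=Manager,dc=ex,dc=example,dc=com" -W \
        -b "dc=ex,dc=example,dc=com" -s base contextCSN

repeated with -H pointing at the consumer.
"""
import re
from datetime import datetime, timezone

# OpenLDAP 2.4 CSN layout: YYYYmmddHHMMSS.ffffffZ#count(6 hex)#sid(3 hex)#mod(6 hex)
CSN_RE = re.compile(
    r"^(\d{14})\.(\d{6})Z#([0-9a-fA-F]{6})#([0-9a-fA-F]{3})#([0-9a-fA-F]{6})$"
)

# Constructed sample output, not captured from a real server.
PROVIDER_LDIF = """\
dn: dc=ex,dc=example,dc=com
contextCSN: 20131122211530.123456Z#000000#000#000000
"""

CONSUMER_LDIF = """\
dn: dc=ex,dc=example,dc=com
contextCSN: 20131122210900.123456Z#000000#000#000000
"""


def parse_csn(csn):
    """Split a CSN into fields; the time part becomes an aware UTC datetime."""
    m = CSN_RE.match(csn.strip())
    if not m:
        raise ValueError("not a CSN: %r" % csn)
    ts, usec, count, sid, mod = m.groups()
    when = datetime.strptime(ts, "%Y%m%d%H%M%S").replace(
        tzinfo=timezone.utc, microsecond=int(usec)
    )
    return {"time": when, "count": int(count, 16), "sid": int(sid, 16), "mod": int(mod, 16)}


def unfold_ldif(ldif):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def context_csns(ldif):
    """Map serverID -> parsed CSN for every contextCSN value in the LDIF.

    A multi-master provider carries one contextCSN per serverID; the
    single provider in this thread has just one.
    """
    found = {}
    for line in unfold_ldif(ldif):
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "contextcsn":
            csn = parse_csn(value)
            found[csn["sid"]] = csn
    return found


def replication_lag(provider_ldif, consumer_ldif):
    """Seconds the consumer trails the provider, keyed by serverID.

    None means the consumer has no contextCSN for that SID, i.e. it has
    never received a change from that server.
    """
    prov = context_csns(provider_ldif)
    cons = context_csns(consumer_ldif)
    lag = {}
    for sid, p in prov.items():
        c = cons.get(sid)
        lag[sid] = None if c is None else (p["time"] - c["time"]).total_seconds()
    return lag


def in_sync(lag, tolerance_seconds=0.0):
    """True only if every SID is present on the consumer and within tolerance."""
    return all(v is not None and 0 <= v <= tolerance_seconds for v in lag.values())


if __name__ == "__main__":
    lag = replication_lag(PROVIDER_LDIF, CONSUMER_LDIF)
    for sid, secs in lag.items():
        state = "missing" if secs is None else "%.0f s behind" % secs
        print("serverID %d: consumer %s" % (sid, state))
    print("in sync:", in_sync(lag))
```

Run it once right after a password change and again a minute later. With
refreshAndPersist the gap should close almost immediately; a gap that never
closes means the consumer is not getting the change, and slapd logs with
loglevel sync on both sides are the next place to look. Two caveats on the
configuration as posted: the replication bind goes out as cn=Manager with a
cleartext credentials= value, so that file needs to be readable by slapd
only; and slapd evaluates olcAccess clauses in order, stopping at the first
"to" clause that matches the target, so in the ACL above the "to attrs=entry"
rule placed after "to *" is never reached.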