Friday, September 23, 2016

[389-users] Re: "Directory Manager" can't change user's password; result is an inaccessible account.

On 09/23/2016 03:16 PM, Janet Houser wrote:
> Hi Noriko,
>
> thanks for the quick response.
>
> On 9/23/16 3:37 PM, Noriko Hosoi wrote:
>> On 09/23/2016 02:24 PM, Janet Houser wrote:
>>> Hi folks,
>>>
>>> I'm fairly new to 389-ds and I ran into an issue when trying to
>>> update a user's password via the command line.
>>>
>>> I was able to change a password "as" the user via the command line
>>> using the following syntax without issue:
>>>
>>> ldappasswd -h my389dsserver.domain.edu -p 389 -ZZ -D
>>> "uid=jdoe,ou=People,dc=domain,dc=edu" -w current_user_passwd -s
>>> new_user_passwd "uid=jdoe,ou=People,dc=domain,dc=edu"
>>>
>>> However, when I tried doing the same thing as the Directory Manager,
>>> it changes the password hash, but it doesn't update the password. In
>>> fact, after
>>> issuing the following command (see below), both the old and new
>>> passwords don't work:
>>>
>>>
>>> ldappasswd -h my389dsserver.domain.edu -p 389 -ZZ -D "cn=Directory
>>> Manager" -w directorymanager_passwd -s new_user_passwd
>>> "uid=jdoe,ou=People,dc=domain,dc=edu"
>> Do you see any error messages in /var/log/dirsrv/slapd-INSTANCE/errors?
>
> No errors reported in /var/log/dirsrv/slapd-INSTANCE/errors when I run
> the ldappasswd command with "cn=Directory Manager".
>>
>> What does this access log file log for the operation?
>> /var/log/dirsrv/slapd-INSTANCE/access
>
> [23/Sep/2016:15:54:44 -0600] conn=27891 fd=125 slot=125 connection
> from XXX.X.XX.10 to XXX.XX.XXX.4
> [23/Sep/2016:15:54:44 -0600] conn=27891 op=0 EXT
> oid="1.3.6.1.4.1.1466.20037" name="startTLS"
> [23/Sep/2016:15:54:44 -0600] conn=27891 op=0 RESULT err=0 tag=120
> nentries=0 etime=0
> [23/Sep/2016:15:54:44 -0600] conn=27891 TLS1.2 256-bit AES
> [23/Sep/2016:15:54:44 -0600] conn=27891 op=1 BIND dn="cn=Directory
> Manager" method=128 version=3
> [23/Sep/2016:15:54:44 -0600] conn=27891 op=1 RESULT err=0 tag=97
> nentries=0 etime=0 dn="cn=directory manager"
> [23/Sep/2016:15:54:44 -0600] conn=27891 op=2 EXT
> oid="1.3.6.1.4.1.4203.1.11.1" name="passwd_modify_extop"
> [23/Sep/2016:15:54:44 -0600] conn=27891 op=2 RESULT err=0 tag=120
> nentries=0 etime=0
> [23/Sep/2016:15:54:44 -0600] conn=27891 op=3 UNBIND
> [23/Sep/2016:15:54:44 -0600] conn=27891 op=3 fd=125 closed - U1
>
>
>
>>
>> What happens if you run this command line?
>> $ ldapmodify -h my389dsserver.domain.edu -p 389 -ZZ -D "cn=Directory
>> Manager" -w directorymanager_passwd << EOF
>> dn: uid=jdoe,ou=People,dc=domain,dc=edu
>> changetype: modify
>> replace: userPassword
>> userPassword: new_user_passwd
>> EOF
>>
>> Is the user's password set to new_user_passwd?
>
> No, the password fails to be set, and both passwords, old and new, are
> now invalid. The output is:
>
> ----- keystrokes of issued command ----
> # ldapmodify -h my389dsserver.domain.edu -p 389 -ZZ -D "cn=Directory
> Manager" -w directorymanager_passwd << EOF
> > dn: uid=jdoe,ou=People,dc=domain,dc=edu
> > changetype: modify
> > replace: userPassword
> > userPassword: 123abc!@garbage
> > EOF
> modifying entry "uid=jdoe,ou=People,dc=domain,dc=edu"
> --- end of output ---
>
> I'm puzzled. So, it "acts" like it changes the password by telling me
> it is "modifying the entry", but it inserts something into the password
> because the old password and the new password don't work.
Hi Janet,
Could you tell us how you are testing the new password?
>
> Thanks for your help on this....
>>
>>> I found the following page,
>>> http://directory.fedoraproject.org/docs/389ds/design/password-administrator.html,
>>> but being fairly
>>> new to 389-ds I wasn't sure how to create/define/add the ability to
>>> be a password administrator to an account.
>>>
>>> Any suggestions would be appreciated.
>>>
>>> Thanks,
>>>
>>> /jh
>>> _______________________________________________
>>> 389-users mailing list -- 389-users@lists.fedoraproject.org
>>> To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
>>

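Added here as a worked example that is not part of the thread: a small Python parser for 389-ds access-log records in the format quoted above. It groups records by connection, records the identity each connection bound as and the TLS line, pairs every operation with its RESULT, and reports the password-modify extended operations together with the error code the server returned. The input is a constructed copy of the thread's excerpt with the e-mail line wrapping undone; the EXT record for passwd_modify_extop does not carry the target DN, so an audit of "who changed whose password" needs the bind DN from this log plus the entry's modifiersName, not the EXT line alone.

```python
import re
from collections import defaultdict

# Constructed sample modeled on the access-log excerpt in the thread; the
# lines that were wrapped by the mail client are rejoined into one record each.
SAMPLE_ACCESS_LOG = """\
[23/Sep/2016:15:54:44 -0600] conn=27891 fd=125 slot=125 connection from XXX.X.XX.10 to XXX.XX.XXX.4
[23/Sep/2016:15:54:44 -0600] conn=27891 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[23/Sep/2016:15:54:44 -0600] conn=27891 op=0 RESULT err=0 tag=120 nentries=0 etime=0
[23/Sep/2016:15:54:44 -0600] conn=27891 TLS1.2 256-bit AES
[23/Sep/2016:15:54:44 -0600] conn=27891 op=1 BIND dn="cn=Directory Manager" method=128 version=3
[23/Sep/2016:15:54:44 -0600] conn=27891 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[23/Sep/2016:15:54:44 -0600] conn=27891 op=2 EXT oid="1.3.6.1.4.1.4203.1.11.1" name="passwd_modify_extop"
[23/Sep/2016:15:54:44 -0600] conn=27891 op=2 RESULT err=0 tag=120 nentries=0 etime=0
[23/Sep/2016:15:54:44 -0600] conn=27891 op=3 UNBIND
[23/Sep/2016:15:54:44 -0600] conn=27891 op=3 fd=125 closed - U1
"""

# "[timestamp] conn=N [op=M] <rest>" -- op is absent on connection/TLS records.
LINE_RE = re.compile(r'^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+)(?: op=(?P<op>\d+))? (?P<rest>.*)$')
# key=value pairs; quoted values may contain spaces (dn="cn=Directory Manager").
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')
OP_KINDS = {'BIND', 'UNBIND', 'EXT', 'SRCH', 'MOD', 'ADD', 'DEL', 'MODRDN', 'CMP', 'ABANDON'}
PASSWD_MODIFY_OID = '1.3.6.1.4.1.4203.1.11.1'   # RFC 3062 password modify


def parse_kv(text):
    return {k: v.strip('"') for k, v in KV_RE.findall(text)}


def parse_access_log(text):
    """Return {conn_id: {'bind_dn', 'tls', 'ops': {op_id: {...}}}}."""
    conns = defaultdict(lambda: {'bind_dn': None, 'tls': None, 'ops': {}})
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                      # not an access-log record
        conn = conns[m['conn']]
        rest = m['rest']
        if m['op'] is None:
            if rest.startswith('TLS'):    # e.g. "TLS1.2 256-bit AES"
                conn['tls'] = rest
            continue
        op_id = int(m['op'])
        entry = conn['ops'].setdefault(
            op_id, {'type': None, 'name': None, 'oid': None, 'dn': None, 'err': None})
        kind, _, tail = rest.partition(' ')
        kv = parse_kv(tail)
        if kind == 'RESULT':
            entry['err'] = int(kv.get('err', -1))
        elif kind in OP_KINDS:
            entry['type'] = kind
            entry['name'] = kv.get('name')
            entry['oid'] = kv.get('oid')
            entry['dn'] = kv.get('dn')
            if kind == 'BIND':
                conn['bind_dn'] = kv.get('dn')   # identity for later ops on this conn
        # anything else (fd=... closed) carries no operation data we need
    return conns


def password_changes(conns):
    """List every password-modify extended op with the bound identity and server result."""
    found = []
    for conn_id, conn in conns.items():
        for op_id, entry in sorted(conn['ops'].items()):
            if entry['type'] == 'EXT' and entry['oid'] == PASSWD_MODIFY_OID:
                found.append({
                    'conn': conn_id,
                    'op': op_id,
                    'bind_dn': conn['bind_dn'],
                    'tls': conn['tls'],
                    'err': entry['err'],      # None means no RESULT was logged
                })
    return found


if __name__ == '__main__':
    for change in password_changes(parse_access_log(SAMPLE_ACCESS_LOG)):
        status = 'accepted' if change['err'] == 0 else f"err={change['err']}"
        print(f"conn={change['conn']} op={change['op']} by {change['bind_dn']!r} "
              f"over {change['tls'] or 'cleartext'}: {status}")
```

Run against the thread's excerpt this prints a single line showing that conn 27891, bound as "cn=Directory Manager" over TLS 1.2, issued a password modify that the server accepted with err=0. That matches the thread's observation: the server reports success, so the next thing to check is what value actually landed in userPassword and how the new password is being tested, rather than the log.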
