You mean like so: ldappasswd -x -D cn=annem,dc=mydomain,dc=com
I also tried: ldappasswd -x -D cn=annem,dc=mydomain,dc=com -w newpassword
Yes, I tried that. No dice. It gives me an error:
"additional info: unauthenticated bind (DN with no password) disallowed"
Which of course means the regular user isn't allowed to bind to their own account and their password. So, I'm back to the drawing board. I still can't figure out how to change slapd.conf to enable regular users to change their own passwords...
Bugger...
-----Original Message-----
From: Gavin Henry [mailto:ghenry@suretecsystems.com]
Sent: Friday, September 14, 2007 11:52 AM
To: Anne Moore
Cc: openldap-software@openldap.org
Subject: RE: configure OpenLDAP to allow directory users - change pass
<quote who="Anne Moore">
Haha, yah perhaps so! However, that didn't work either. Now I just get another set of errors:
"Result: Strong(er) authentication required (8) Additional info: only authenticated users may change passwords"
This is a major pain in the butt...
I just wish there was documentation out there on the basics of this setup, but so far, I've found nothing...
Did you bind as the user you were changing the password for? With -x -D -W?
Thanks anyway
-----Original Message-----
From: Gavin Henry [mailto:ghenry@suretecsystems.com]
Sent: Friday, September 14, 2007 11:20 AM
To: Anne Moore
Cc: openldap-software@openldap.org
Subject: RE: configure OpenLDAP to allow directory users - change pass
<quote who="Anne Moore">
We've tried the ldappasswd on the clients and receive this error:
ldappasswd -x
You're going to have to try a bit harder ;-)
"ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80) additional info: SASL(-13): user not found: no secret in database"
Obviously something is not configured correctly.
Any ideas on this error?
Thank you
Anne
-----Original Message-----
From: openldap-software-bounces+diabeticithink=yahoo.com@OpenLDAP.org [mailto:openldap-software-bounces+diabeticithink=yahoo.com@OpenLDAP.org] On Behalf Of Kurt Zeilenga
Sent: Friday, September 14, 2007 2:20 AM
To: Anne Moore
Cc: openldap-software@openldap.org
Subject: Re: configure OpenLDAP to allow directory users - change pass
On Sep 13, 2007, at 3:12 PM, Anne Moore wrote:
Hi All
Does anyone know how to configure OpenLDAP to allow directory users to change their own passwords?
I'm using Openldap-2.2.13-7.4E (on my RedHat server)
As it is now, I have to change everyone's directory password for them and the security department isn't liking it.
What do ldappasswd(1) and/or ldapmodify(1) say when changing the directory user's password when run as the user (instead of you or the Directory Manager)?
Note: If the users are using some other software, you might have a problem with that software. But before raising an issue (on a list about the other software, not here) you should make sure things work using only OpenLDAP Software. So, even if your users aren't using these tools, you should test with them (as a user) before doing anything else.
-- Kurt