Hello,
What type of configuration info do you need? I will send some copies. Regarding the ppolicy module, I do see scripts for it & we do have password policy in place. Below is a copy of ppolicyruleReplace.ldif:
$ cat ppolicyruleReplace.ldif
#
dn: cn=passwordDefault,ou=Policies,dc=att,dc=com
changetype: modify
replace: pwdMaxAge
pwdMaxAge: 7776000
-
replace: pwdMaxFailure
pwdMaxFailure: 8
-
replace: pwdFailureCountInterval
pwdFailureCountInterval: 21600
-
replace: pwdLockoutDuration
pwdLockoutDuration: 1800
-
replace: pwdExpireWarning
pwdExpireWarning: 7776000
-
replace: pwdGraceAuthNLimit
pwdGraceAuthNLimit: 0
-
replace: pwdMustChange
pwdMustChange: TRUE
Here is a copy of my ldap.conf:
----- root pdprfsl4.sldc.sbc.com /etc/openldap -----
$ cat ldap.conf
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE dc=example,dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never

TLS_CACERTDIR /etc/openldap/cacerts

# Turning this off breaks GSSAPI used with krb5 when rdns = false
SASL_NOCANON on
URI ldap://pdprfsl4.sldc.sbc.com/
BASE dc=att,dc=com
tls_checkpeer no
----- root pdprfsl4.sldc.sbc.com /etc/openldap -----
Thanks, Ed
-----Original Message-----
From: Quanah Gibson-Mount quanah@symas.com
Sent: Thursday, September 17, 2020 5:58 PM
To: CLARKE, ED C ec4397@att.com; openldap-technical@openldap.org
Subject: Re: Issues with resetting user password
--On Thursday, September 17, 2020 11:41 PM +0000 "CLARKE, ED C" ec4397@att.com wrote:
Hello,
I am new to this arena. I have an Open LDAP installed on my Linux server, RHEL 7.8.
I am not able to reset user passwords. I have checked the systemctl status slapd.service, and it is active & running.
Below is an example of the resetpw.ldif:
Are you using the ppolicy module? You've provided no information about your configuration.
The correct way to change a user password is to use an LDAPv3 password modify operation, not an ldapmodify change. See the ldappasswd(1) command.
Regards, Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.symas.com&d=DwIC... >
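
For reference, the LDAPv3 password modify operation named in the reply is the RFC 3062 extended request that ldappasswd(1) sends, whereas ldapmodify sends an ordinary ModifyRequest against userPassword. The sketch below is an added example, not part of the original thread: it BER-encodes that request and decodes it again; the function names, DN and password are constructed for illustration.

```python
PASSWD_MODIFY_OID = b"1.3.6.1.4.1.4203.1.11.1"  # requestName from RFC 3062

def tlv(tag, value):
    """One BER tag-length-value with definite length."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        body = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(body)]) + body
    return bytes([tag]) + length + value

def passwd_modify_request(msg_id, user_dn=None, old_pw=None, new_pw=None):
    """LDAPMessage carrying ExtendedRequest(PasswdModifyRequestValue)."""
    fields = b""
    for tag, val in ((0x80, user_dn), (0x81, old_pw), (0x82, new_pw)):
        if val is not None:              # all three fields are OPTIONAL
            fields += tlv(tag, val.encode("utf-8"))
    ext_req = tlv(0x77,                              # [APPLICATION 23]
                  tlv(0x80, PASSWD_MODIFY_OID)       # requestName [0]
                  + tlv(0x81, tlv(0x30, fields)))    # requestValue [1]
    msg_id_ber = tlv(0x02, msg_id.to_bytes(msg_id.bit_length() // 8 + 1, "big"))
    return tlv(0x30, msg_id_ber + ext_req)

def parse_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the TLV starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                    # long form: next n bytes hold length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def describe(msg):
    """Decode a request built above; password values are never echoed."""
    _, body, _ = parse_tlv(msg)
    _, _, p = parse_tlv(body)            # skip messageID
    _, ext, _ = parse_tlv(body, p)
    _, oid, p = parse_tlv(ext)
    _, val, _ = parse_tlv(ext, p)
    _, seq, _ = parse_tlv(val)
    names = {0x80: "userIdentity", 0x81: "oldPasswd", 0x82: "newPasswd"}
    out, p = {"requestName": oid.decode()}, 0
    while p < len(seq):
        tag, v, p = parse_tlv(seq, p)
        out[names[tag]] = v.decode() if tag == 0x80 else "<%d bytes>" % len(v)
    return out

if __name__ == "__main__":  # constructed DN and password, not from the thread
    print(describe(passwd_modify_request(2, "uid=jdoe,ou=People,dc=example,dc=com", new_pw="Constructed-Pw-1")))
```

The new password travels in the request value as given, so the bind that carries this message should run over TLS.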