Hi 

Sorry about the top posting!!

"Did you check in your ACL that access to userPassword attribute is allowed to authenticate users?"

You were totally correct here, thanks, it was the access to that attribute after using 

slapd -d 256 -d 128

It highlighted that the user didn't have access to that. I literally found it about 1 hour before you emailed -- thanks very much for the help though.

Regards
Ian



From: Clément OUDOT <clement.oudot@worteks.com>
Sent: 24 November 2022 4:56 PM
To: openldap-technical@openldap.org <openldap-technical@openldap.org>
Subject: Re: Checking users password
 


On 22/11/2022 at 11:52, Ian Porter wrote:
Hi

I have tried to change a user's password either by

ldappasswd -H ldapi:/// -x -D "ADMIN ACCOUNT" -W -S "uid=USER,ou=USER,o=ORG"

or via a ldif file with ldapmodify

ldapmodify -H ldap:// -x -D "ADMIN ACCOUNT" -W -f ./password.ldif

dn: uid=USER,ou=USER,o=ORG
changetype: modify
replace: userPassword
userPassword: {SSHA}SSHAPASSWORD HERE

where the ADMIN ACCOUNT / USER etc have been replaced with the ldap cn=manager etc, but every time I try to confirm that the password has been updated via

ldapwhoami -x -W -D "uid=USER,ou=USER,o=ORG" -H ldapi:///
Enter LDAP Password:  
ldap_bind: Invalid credentials (49)

I keep on getting the ldap_bind invalid credentials. I have tested the userPassword attribute via Apache Directory Studio and verified the userPassword is correct.

Any advice, please


Why are you using ldapi:// with ldapwhoami and ldap:// with ldapmodify?


Did you check in your ACL that access to userPassword attribute is allowed to authenticate users?
-- 
Clément Oudot | Identity Solutions Manager

clement.oudot@worteks.com

Worteks | https://www.worteks.com

Intergence Systems Ltd.
The Old Coach House, Brewery Road, Pampisford, Cambridge, CB22 3HG
Tel:  +44 845 226 4167
www.intergence.com

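The fix this thread arrives at, written out as an added example that is not part of the original messages: an ACL change that lets an unauthenticated connection use userPassword for binding only. The database DN `olcDatabase={1}mdb,cn=config`, the rule index `{0}` and the "before" rule are assumptions, since the thread does not show the poster's actual ACLs.

```ldif
# Constructed example, not the poster's configuration.
# Assumes cn=config is writable over ldapi:/// with SASL EXTERNAL:
#   ldapmodify -Y EXTERNAL -H ldapi:/// -f userpassword-acl.ldif
#
# Assumed "before" rule that produces the symptom in the thread:
#   olcAccess: {0}to attrs=userPassword by self write by * none
#
# During a simple bind the connection is still anonymous. slapd compares the
# supplied password with the stored value only if the anonymous identity has
# at least "auth" access to userPassword. With the rule above, anonymous falls
# through to "by * none", so the bind fails with "Invalid credentials (49)"
# even though the stored hash is correct. Running slapd with -d 128 (ACL
# processing) shows the denied access to userPassword.
#
# "auth" permits use of the value for authentication only; it does not let
# anyone read or search the hash. "by * none" keeps it hidden from all other
# identities.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
delete: olcAccess
olcAccess: {0}
-
add: olcAccess
olcAccess: {0}to attrs=userPassword
  by self write
  by anonymous auth
  by * none
```

After the change, the same `ldapwhoami -x -W -D "uid=USER,ou=USER,o=ORG"` test from the thread exercises the new rule.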