Hello
I've installed an OpenLDAP as a proxy in a DMZ for authentication forwarding to an Active Directory. The proxy is used by a VPN gateway.
That all works very well, but a password change from the client fails with the following error:
slapd[30661]: conn=1001 op=5 do_modify
slapd[30661]: conn=1001 op=5 do_modify: dn (cn=XPTEST5,ou=Users,dc=myorg,dc=net)
slapd[30661]: >>> dnPrettyNormal: <cn=TEST5,ou=Users,dc=myorg,dc=net>
slapd[30661]: <<< dnPrettyNormal: <cn=TEST5,ou=Users,dc=myorg,dc=net>, <cn=xptest5,ou=users,dc=myorg,dc=net>
slapd[30661]: conn=1001 op=5 modifications:
slapd[30661]: delete: UnicodePwd
slapd[30661]: one value, length 26
slapd[30661]: add: UnicodePwd
slapd[30661]: one value, length 26
slapd[30661]: conn=1001 op=5 MOD dn="cn=TEST5,ou=Users,dc=myorg,dc=net"
slapd[30661]: conn=1001 op=5 MOD attr=UnicodePwd UnicodePwd
slapd[30661]: send_ldap_result: conn=1001 op=5 p=3
slapd[30661]: send_ldap_result: err=17 matched="" text="UnicodePwd: attribute type undefined"
slapd[30661]: send_ldap_response: msgid=6 tag=103 err=17
slapd[30661]: conn=1001 op=5 RESULT tag=103 err=17 text=UnicodePwd: attribute type undefined
slapd[30661]: daemon: activity on 1 descriptor
slapd[30661]: daemon: activity on:
slapd[30661]:
slapd[30661]: daemon: epoll: listen=7 active_threads=0 tvp=zero
slapd[30661]: daemon: activity on 1 descriptor
slapd[30661]: daemon: activity on:
As I understand, UnicodePwd is a proprietary "standard" MS attribute in AD to store the password but the RFC attribute is the userPassword.
Is it possible to get the proxy to process this MOD request, maybe so that the openldap proxy passes through the MOD operation with the attribute UnicodePwd from the VPN gateway?
[...]
create a private schema with all relevant attribute types and object classes
Thanks, that worked!!!
Meike
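
A sketch of the private schema the quoted advice refers to, added here as an illustration and not taken from the original thread. The file name, include paths and upstream URI are assumptions; the attribute definition uses the OID and octet-string syntax under which Active Directory publishes unicodePwd.

```conf
# /etc/openldap/schema/ad-private.schema  (hypothetical file name and path)
# Local definition of the AD password attribute, so that slapd no longer
# rejects the MOD with err=17 "attribute type undefined" before it reaches
# the back-ldap proxy. Attribute names are case-insensitive, so the
# "UnicodePwd" sent by the VPN gateway matches this definition.
attributetype ( 1.2.840.113556.1.4.90
    NAME 'unicodePwd'
    DESC 'Active Directory password attribute (defined locally for the proxy)'
    EQUALITY octetStringMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
    SINGLE-VALUE )

# --- slapd.conf on the proxy (fragment, paths assumed) ---
include     /etc/openldap/schema/core.schema
include     /etc/openldap/schema/ad-private.schema

# moduleload back_ldap        # only if back-ldap is built as a module

database    ldap
suffix      "dc=myorg,dc=net"
# Placeholder upstream host. Use ldaps:// (or StartTLS) towards the domain
# controller: AD only accepts unicodePwd modifications over an encrypted
# connection, and the proxy forwards the old and new password values.
uri         "ldaps://dc.example.invalid"
```

Because the delete and add values carry the old and new passwords, the proxy-to-AD leg and the gateway-to-proxy leg both need transport encryption, and verbose slapd logging on the DMZ host should be reviewed for what it records about these operations.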