Hello

 

I’m running openldap-2.3.43 on RHEL 5.3. Everything works fine (as usual) with the Linux clients, but I have some trouble with AIX.

 

I have done these tests with an AIX 5.3 TL9 host.

 

When I change my password on AIX, it goes like this:

 

   [user@host] $ passwd

   Changing password for "user"

   user's Old password:

   user's New password:

   Enter the new password again:

 

   And it’s done, over.

 

When I check the modification on the OpenLDAP server, the password is in clear text in the "userPassword" field.

 

On my Linux clients it asks for the new password 2 times (normal?) and it is not in clear text in the userPassword field.

 

   [user@host] $ passwd 

   Changing password for user user.

   Enter login(LDAP) password:

   New UNIX password: 

   Retype new UNIX password:

   New password:

   Re-enter new password:

   LDAP password information changed for user

   passwd: all authentication tokens updated successfully.

 

An extract of the logs:

 

From AIX:

 

Sep 17 14:51:19 srvldap slapd[8270]: conn=9 op=0 BIND dn="uid=user,ou=users,dc=xxx,dc=xx" method=128

Sep 17 14:51:19 srvldap slapd[8270]: slap_global_control: unrecognized control: 1.3.6.1.4.1.42.2.27.8.5.1

Sep 17 14:51:19 srvldap slapd[8270]: conn=9 op=0 BIND dn="uid=user,ou=users,dc= xxx,dc=xx" mech=SIMPLE ssf=0

Sep 17 14:51:19 srvldap slapd[8270]: conn=9 op=0 RESULT tag=97 err=0 text=

Sep 17 14:51:19 srvldap slapd[8270]: conn=9 op=1 MOD dn="uid=user,ou=users,dc= xxx,dc=xx"

Sep 17 14:51:19 srvldap slapd[8270]: conn=9 op=1 MOD attr=userpassword userpassword

Sep 17 14:51:19 srvldap slapd[8270]: slap_global_control: unrecognized control: 1.3.6.1.4.1.42.2.27.8.5.1

Sep 17 14:51:19 srvldap slapd[8270]: conn=9 op=1 RESULT tag=103 err=0 text=

Sep 17 14:51:19 srvldap slapd[8270]: conn=9 op=2 UNBIND

Sep 17 14:51:19 srvldap slapd[8270]: conn=9 fd=22 closed

Sep 17 14:51:19 srvldap slapd[8270]: conn=7 op=6 SRCH base="ou=users,dc= xxx,dc= xx " scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=in205))"

Sep 17 14:51:19 srvldap slapd[8270]: conn=7 op=6 SEARCH RESULT tag=101 err=0 nentries=1 text=

Sep 17 14:51:19 srvldap slapd[8270]: conn=7 op=7 MOD dn="uid=user,ou=users,dc= xxx,dc= xx "

Sep 17 14:51:19 srvldap slapd[8270]: conn=7 op=7 MOD attr=shadowlastchange

Sep 17 14:51:19 srvldap slapd[8270]: conn=7 op=7 RESULT tag=103 err=8 text=modifications require authentication

 

 

… some troubles ….

 

From Linux:

 

Oct  6 15:37:40 srvldap slapd[2420]: conn=5764 fd=34 ACCEPT from IP=192.168.3.30:51023 (IP=0.0.0.0:636)

Oct  6 15:37:40 srvldap slapd[2420]: conn=5764 fd=34 TLS established tls_ssf=256 ssf=256

Oct  6 15:37:40 srvldap slapd[2420]: conn=5764 op=0 BIND dn="" method=128

Oct  6 15:37:40 srvldap slapd[2420]: conn=5764 op=0 RESULT tag=97 err=0 text=

Oct  6 15:37:40 srvldap slapd[2420]: conn=5764 op=1 SRCH base="ou=users,dc=xxx,dc=xx" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uidNumber=1001))"

Oct  6 15:37:40 srvldap slapd[2420]: conn=5764 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass

Oct  6 15:37:40 srvldap slapd[2420]: conn=5764 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=

Oct  6 15:37:40 srvldap slapd[2420]: conn=5764 op=2 SRCH base="ou=users,dc=xxx,dc=xx" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=user))"

Oct  6 15:37:40 srvldap slapd[2420]: conn=5764 op=2 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass

Oct  6 15:37:40 srvldap slapd[2420]: conn=5764 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=

Oct  6 15:37:40 srvldap slapd[2420]: conn=5765 fd=38 ACCEPT from IP=192.168.3.30:51024 (IP=0.0.0.0:636)

Oct  6 15:37:40 srvldap slapd[2420]: conn=5765 fd=38 TLS established tls_ssf=256 ssf=256

Oct  6 15:37:40 srvldap slapd[2420]: conn=5765 op=0 BIND dn="" method=128

Oct  6 15:37:40 srvldap slapd[2420]: conn=5765 op=0 RESULT tag=97 err=0 text=

Oct  6 15:37:40 srvldap slapd[2420]: conn=5765 op=1 SRCH base="ou=users,dc=xxx,dc=xx" scope=2 deref=0 filter="(&(|(&(accessTo=host22)(trustModel=byhost))(trustModel=fullaccess))(uid=user))"

Oct  6 15:37:40 srvldap slapd[2420]: <= bdb_equality_candidates: (accessTo) not indexed

Oct  6 15:37:40 srvldap slapd[2420]: <= bdb_equality_candidates: (trustModel) not indexed

Oct  6 15:37:40 srvldap slapd[2420]: <= bdb_equality_candidates: (trustModel) not indexed

Oct  6 15:37:40 srvldap slapd[2420]: conn=5765 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=

Oct  6 15:37:43 srvldap slapd[2420]: conn=5765 op=2 BIND dn="uid=user,ou=users,dc=xxx,dc=xx" method=128

Oct  6 15:37:43 srvldap slapd[2420]: conn=5765 op=2 BIND dn="uid=user,ou=users,dc=xxx,dc=xx" mech=SIMPLE ssf=0

Oct  6 15:37:43 srvldap slapd[2420]: conn=5765 op=2 RESULT tag=97 err=0 text=

Oct  6 15:37:43 srvldap slapd[2420]: conn=5765 op=3 BIND anonymous mech=implicit ssf=0

Oct  6 15:37:43 srvldap slapd[2420]: conn=5765 op=3 BIND dn="" method=128

Oct  6 15:37:43 srvldap slapd[2420]: conn=5765 op=3 RESULT tag=97 err=0 text=

Oct  6 15:37:46 srvldap slapd[2420]: conn=5764 op=3 SRCH base="ou=users,dc=xxx,dc=xx" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uidNumber=1001))"

Oct  6 15:37:46 srvldap slapd[2420]: conn=5764 op=3 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass

Oct  6 15:37:46 srvldap slapd[2420]: conn=5764 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=

Oct  6 15:37:52 srvldap slapd[2420]: conn=5765 op=4 BIND dn="uid=user,ou=users,dc=xxx,dc=xx" method=128

Oct  6 15:37:52 srvldap slapd[2420]: conn=5765 op=4 BIND dn="uid=user,ou=users,dc=xxx,dc=xx" mech=SIMPLE ssf=0

Oct  6 15:37:52 srvldap slapd[2420]: conn=5765 op=4 RESULT tag=97 err=0 text=

Oct  6 15:37:52 srvldap slapd[2420]: conn=5765 op=5 PASSMOD id="uid=user,ou=users,dc=xxx,dc=xx" new

Oct  6 15:37:52 srvldap slapd[2420]: conn=5765 op=5 RESULT oid= err=0 text=

Oct  6 15:37:52 srvldap slapd[2420]: conn=5765 op=6 MOD dn="uid=user,ou=users,dc=xxx,dc=xx"

Oct  6 15:37:52 srvldap slapd[2420]: conn=5765 op=6 MOD attr=shadowLastChange

Oct  6 15:37:52 srvldap slapd[2420]: conn=5765 op=6 RESULT tag=103 err=0 text=

Oct  6 15:37:52 srvldap slapd[2420]: conn=5764 fd=34 closed (connection lost)

Oct  6 15:37:52 srvldap slapd[2420]: conn=5765 op=7 UNBIND

Oct  6 15:37:52 srvldap slapd[2420]: conn=5765 fd=38 closed

 

Thanks for your help.

 

--

Philippe Caseiro
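
An added example, not part of the original post: a Python check over slapd stats logs that separates password changes made with a plain LDAP Modify of userPassword (the AIX extract, where slapd stores the value as the client sent it) from changes made with the Password Modify extended operation (the PASSMOD line in the Linux extract, where slapd hashes the value). The sample log is constructed from lines quoted above; the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample, assembled from lines quoted in the two extracts above.
SAMPLE_LOG = """\
Sep 17 14:51:19 srvldap slapd[8270]: conn=9 op=0 BIND dn="uid=user,ou=users,dc=xxx,dc=xx" method=128
Sep 17 14:51:19 srvldap slapd[8270]: conn=9 op=1 MOD dn="uid=user,ou=users,dc=xxx,dc=xx"
Sep 17 14:51:19 srvldap slapd[8270]: conn=9 op=1 MOD attr=userpassword userpassword
Sep 17 14:51:19 srvldap slapd[8270]: conn=9 op=1 RESULT tag=103 err=0 text=
Oct  6 15:37:52 srvldap slapd[2420]: conn=5765 op=5 PASSMOD id="uid=user,ou=users,dc=xxx,dc=xx" new
Oct  6 15:37:52 srvldap slapd[2420]: conn=5765 op=5 RESULT oid= err=0 text=
Oct  6 15:37:52 srvldap slapd[2420]: conn=5765 op=6 MOD dn="uid=user,ou=users,dc=xxx,dc=xx"
Oct  6 15:37:52 srvldap slapd[2420]: conn=5765 op=6 MOD attr=shadowLastChange
Oct  6 15:37:52 srvldap slapd[2420]: conn=5765 op=6 RESULT tag=103 err=0 text=
"""

LINE = re.compile(r"slapd\[(\d+)\]: conn=(\d+) op=(\d+) (.*)$")

def _quoted(name, text):
    """Value of name="..." in a log line, or None when it is absent."""
    m = re.search(name + r'="([^"]*)"', text)
    return m.group(1) if m else None

def password_changes(log_text):
    """Return one dict per operation that wrote userPassword, in log order."""
    ops = defaultdict(dict)  # (pid, conn, op) -> fields collected for that operation
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        key, rest = m.group(1, 2, 3), m.group(4)
        rec = ops[key]
        if rest.startswith("PASSMOD"):        # RFC 3062 extended operation
            rec.update(method="PASSMOD", dn=_quoted("id", rest))
        elif rest.startswith("MOD dn="):
            rec["dn"] = _quoted("dn", rest)
        elif rest.startswith("MOD attr="):    # attribute names are case-insensitive
            if "userpassword" in rest[len("MOD attr="):].lower().split():
                rec["method"] = "MOD"
        elif rest.startswith("RESULT"):
            err = re.search(r"\berr=(\d+)", rest)
            rec["err"] = int(err.group(1)) if err else None
    return [dict(conn=int(k[1]), op=int(k[2]), **r) for k, r in ops.items() if "method" in r]

def stored_as_sent(changes):
    """Successful plain Modify writes: slapd keeps the client-supplied value."""
    return [c for c in changes if c["method"] == "MOD" and c.get("err") == 0]

if __name__ == "__main__":
    for change in stored_as_sent(password_changes(SAMPLE_LOG)):
        print(change)
```

On the server side, the ppolicy overlay's `ppolicy_hash_cleartext` option makes slapd hash clear-text values that arrive in a plain Modify.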