Hello Quanah,
I am using OpenLDAP on an IBM LinuxONE server; IBM just helped with the setup. I was also able to test the below on my other LDAP server, and it performed as expected and changed the password.
----- root pdprfdl4.dadc.sbc.com /root -----
$ ldappasswd -H ldapi:/// -x -D "cn=Manager,dc=att,dc=com" -W -S uid=foxdiv,ou=People,dc=att,dc=com
New password:
Re-enter new password:
Enter LDAP Password:
----- root pdprfdl4.dadc.sbc.com /root -----
$ ldapwhoami -x -H ldapi:/// -D uid=foxdiv,ou=People,dc=att,dc=com -W
Enter LDAP Password:
dn:uid=foxdiv,ou=People,dc=att,dc=com
----- root pdprfdl4.dadc.sbc.com /root -----
$
----- root pdprfdl4.dadc.sbc.com /root -----
$
----- root pdprfdl4.dadc.sbc.com /root -----
$ rpm -qa | grep -i ldap
openldap-clients-2.4.44-21.el7_6.s390x
sssd-ldap-1.16.2-13.el7_6.12.s390x
openldap-2.4.44-21.el7_6.s390x
openldap-servers-2.4.44-21.el7_6.s390x
----- root pdprfdl4.dadc.sbc.com /root -----
$
On my server with the issue, the command runs, but when I try logging in with the new password, it fails, but I can log in with the old password.
----- root pdprfsl4.sldc.sbc.com /root -----
$ ldappasswd -H ldapi:/// -x -D "cn=Manager,dc=att,dc=com" -W -S uid=foxdiv,ou=People,dc=att,dc=com
New password:
Re-enter new password:
Enter LDAP Password:
----- root pdprfsl4.sldc.sbc.com /root -----
$ ldapwhoami -x -H ldapi:/// -D uid=foxdiv,ou=People,dc=att,dc=com -W
Enter LDAP Password:
dn:uid=foxdiv,ou=People,dc=att,dc=com
----- root pdprfsl4.sldc.sbc.com /root -----
$ rpm -qa | grep -i ldap
nss-pam-ldapd-0.8.13-25.el7.s390x
compat-openldap-2.3.43-5.el7.s390x
openldap-clients-2.4.44-21.el7_6.s390x
openldap-servers-2.4.44-21.el7_6.s390x
openldap-2.4.44-21.el7_6.s390x
sssd-ldap-1.16.5-1.el7.s390x
----- root pdprfsl4.sldc.sbc.com /root -----
Thanks, Ed
-----Original Message-----
From: Quanah Gibson-Mount quanah@symas.com
Sent: Monday, September 21, 2020 5:10 PM
To: CLARKE, ED C ec4397@att.com; openldap-technical@openldap.org
Subject: RE: Issues with resetting user password
--On Monday, September 21, 2020 10:28 PM +0000 "CLARKE, ED C" ec4397@att.com wrote:
Hello Quanah,
I appreciate your help, and I wanted to give you some insight on how IBM set up our LDAP server regarding password changes. Below is an example of what we have; essentially, the .sh script performs an ldapmodify operation, using the ResetPW.ldif file.
What directory server are you running? The discussion so far has been assuming that you're using OpenLDAP. IBM's directory server may have different requirements.
Regards, Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.symas.com&d=DwIC... >