Hi there,
I have an OpenLDAP Server authenticating with TLSv1, but I found some problems when I have to change my LDAP user's password. I use the following command to try to change it:
[ming@ldap-cli ~]$ ldappasswd -AS -ZZ -H ldaps://ldap.server/ -D uid=ming,ou=org-unit,o=org,c=br
Old password:
Re-enter old password:
New password:
Re-enter new password:
ldap_start_tls: Operations error (1)
        additional info: TLS already started
[ming@ldap-cli ~]$ ldappasswd -AS -H ldaps://ldap.server/ -D uid=ming,ou=org-unit,o=org,c=br
Old password:
Re-enter old password:
New password:
Re-enter new password:
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
        additional info: SASL(-1): generic failure: GSSAPI Error: Miscellaneous failure (No credentials cache found)
I store only password hashes in my LDAP database, so I need to know how to replace this hash.
If I connect to my LDAP server using some LDAP browser, like ldapadmin, I can change my user's password, but I need to change it using some command line tool, like ldappasswd.
Do you have some examples of how to use ldappasswd? I already searched for it on Google, but all the examples that I found tell me to use the same command that I'm already using.
Thanks in advance
---
Gustavo Mendes de Carvalho
e-mail: gmcarvalho@gmail.com
On Fri, 2008-02-08 at 14:33 -0200, Gustavo Mendes de Carvalho wrote:
Hi there,
I have an OpenLDAP Server authenticating with TLSv1, but I found some problems when I have to change my LDAP user's password. I use the following command to try to change it:
[ming@ldap-cli ~]$ ldappasswd -AS -ZZ -H ldaps://ldap.server/ -D
This doesn't make sense. You are trying to use start_tls (-ZZ) on an already encrypted connection (ldaps://). Use one or the other. Not both.
Hi Andreas,
Even if I don't use -ZZ, I can't use it.
You can see this in the second command.
[ming@ldap-cli ~]$ ldappasswd -AS -H ldaps://ldap.server/ -D uid=ming,ou=org-unit,o=org,c=br
Old password:
Re-enter old password:
New password:
Re-enter new password:
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
        additional info: SASL(-1): generic failure: GSSAPI Error: Miscellaneous failure (No credentials cache found)
Where can I find some information about Local error (-2)?
---
Gustavo Mendes de Carvalho
e-mail: gmcarvalho@gmail.com
--On February 8, 2008 4:33:26 PM -0200 Gustavo Mendes de Carvalho gmcarvalho@gmail.com wrote:
Hi Andreas,
Even if I don't use -ZZ, I can't use it.
You can see this in the second command.
[ming@ldap-cli ~]$ ldappasswd -AS -H ldaps://ldap.server/ -D uid=ming,ou=org-unit,o=org,c=br
Old password:
Re-enter old password:
New password:
Re-enter new password:
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
        additional info: SASL(-1): generic failure: GSSAPI Error: Miscellaneous failure (No credentials cache found)
Where can I find some information about Local error (-2)?
I suggest adding the -x flag for a simple bind, as you clearly don't support SASL/GSSAPI.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
Hi Quanah,
I added the -x flag; check the result:
[ming@s200-189-190-106 ~]$ ldappasswd -AS -H ldap://ldap.server/ -D uid=ming,ou=org-unit,o=org,c=br -x
Old password:
Re-enter old password:
New password:
Re-enter new password:
ldap_bind: Can't contact LDAP server (-1)
My OpenLDAP server is reachable on ports 389 and 636, using ldap and ldaps.
And now I have another question. How can I send a hash of the passwords (the old one and the new one) that I am typing? I believe that if I can send a hash of the passwords, I don't need to use SASL/GSSAPI.
---
Gustavo Mendes de Carvalho
e-mail: gmcarvalho@gmail.com
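On the question of sending a hash instead of the typed password: the Password Modify operation that ldappasswd performs carries the new password inside the TLS session and leaves hashing to the server (its password-hash setting, {SSHA} by default), so there is no client-side hash to send. If you want to supply the stored form yourself, you replace the userPassword attribute with ldapmodify instead. The Python below is an added illustration, not code from this thread or from the OpenLDAP project; it builds OpenLDAP's RFC 2307 style {SSHA} value, verifies it the way the server does, and emits the LDIF for that replace, using the DN from the thread as a placeholder.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Placeholder DN copied from the command line quoted in the thread.
USER_DN = "uid=ming,ou=org-unit,o=org,c=br"


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Return a {SSHA} value as OpenLDAP stores it in userPassword.

    Layout: "{SSHA}" + base64( SHA-1(password || salt) || salt ).
    {SSHA} is OpenLDAP's long-standing default scheme; a fresh random
    salt is drawn when none is supplied.
    """
    if salt is None:
        salt = os.urandom(8)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify_ssha(stored: str, candidate: str) -> bool:
    """Check a candidate password against a stored {SSHA} value.

    The salt is recovered from the stored value itself (everything after
    the 20-byte SHA-1 digest), which is why the scheme needs no salt store.
    """
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    candidate_digest = hashlib.sha1(candidate.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, candidate_digest)


def userpassword_ldif(dn: str, hashed: str) -> str:
    """Build the LDIF that replaces userPassword with a pre-hashed value.

    Apply it with ldapmodify over ldaps:// and a simple bind (-x -D ... -W);
    unlike ldappasswd, the server stores the supplied value verbatim.
    """
    return (
        f"dn: {dn}\n"
        "changetype: modify\n"
        "replace: userPassword\n"
        f"userPassword: {hashed}\n"
    )
```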
--On February 8, 2008 4:50:39 PM -0200 Gustavo Mendes de Carvalho gmcarvalho@gmail.com wrote:
Hi Quanah,
I added the -x flag; check the result:
[ming@s200-189-190-106 ~]$ ldappasswd -AS -H ldap://ldap.server/ -D
If that's an exact cut and paste, I seriously doubt "ldap.server" is the FQDN of your ldap server.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
openldap-technical@openldap.org