Keeping replies on openldap-technical(a)openldap.org is recommended, since it
gives you more eyes for your problem.
> On Thu, Aug 16, 2012 at 2:30 PM, Dan White
>> On 08/16/12 14:06 -0700, Jeffrey Parker wrote:
>>>> I cannot seem to find anything helpful about this issue. I had it
>>>> working before when I first setup OpenLDAP and I have not changed
>>>> any settings since then. The only thing I can seem to find is
>>>> suggestion saying to use -x when running ldappasswd. When I use -x I
>>>> get the error below
>>>> Result: Strong(er) authentication required (8)
>>>> Additional info: only authenticated users may change passwords
>>> If binding with -x, you'll need to provide a bind dn (-D) and a
>>> I am running OpenLDAP, I am not sure what version but it is somewhat
>>> The error messages is briefly discussed in the OpenLDAP Administrator's
>>> Guide (section H.17).
>>> Verify that you are able to bind to the server with 'ldapwhoami',
>>> your credentials. Once that succeeds, verify that your entry contains
>>> a 'userPassword' attribute, and that the user you are binding with
>>> the permissions to change it.
On Aug 17, 2012 9:08 AM, "Dan White" <dwhite(a)olp.net>
> On 08/16/12 15:32 -0700, Jeffrey Parker wrote:
>> The setup that I have is a bit strange, I am not using OpenLDAP to
>> authenticate operating system users. I am using it for other
>> authentication. The authentication works for usermin which I am using
>> as an interface to change passwords and for phpldapadmin, and for
>> Hudson continuous integration. That section that you mentioned in the
>> OpenLDAP Administrator's guide does not give any help it just says what
>> that means not any indication on what to do to fix it. As a side note
>> ldapwhoami does not work because I am not authenticated through ldap to
>> login to the computer. I can manually change the password in
>> phpldapadmin, but I need the users to be able to change their own
>> password which was working but now it is not working and I did not
>> change anything since the time that it was working.
> A cannot assist you with phpldapadmin or usermin.
> If you would like users to change their own passwords with the ldappasswd
> utility, then ldapwhoami is an acid test. Users must be able to
> authenticate to your ldap server before they can change their passwords for
> themselves. This is unrelated to how you, or your users, authenticate to
> the operating system.
> When password changes worked, what command (include command line
> parameters) did your users use?
On 08/17/12 09:46 -0700, Jeffrey Parker wrote:
Usermin runs ldappasswd. The command-line options when it worked are
same as I tried before, just ldappasswd. Users can authenticate without any
Common ldappasswd examples include:
for simple binds:
ldappasswd -x -D "uid=jsmith,dc=example,dc=net" -W -s "new_password"
for sasl binds:
ldappasswd -Y digest-md5 -U jsmith -s "new_password"
What are the contents of the following files, if they exist?
/etc/ldap/ldap.conf (or your system's equivalent)
Consult the manpages for ldap.conf and ldappasswd.