Hello,
I need to be able to reset a LDAP user's password if they forget it with the user root. But when I try the "passwd" command as root for a LDAP user, I get the following:
(as root) passwd tuser Changing password for user tuser. Password reset by root is not supported. passwd: Authentication token manipulation error.
I am using sssd as the LDAP authentication mechanism tool, to be specific. Does anyone have a solution to dealing with this issue of resetting a LDAP user's password if they forgot it?
Thanks,
Rohit
From: <Chaudhari>, "Rohit K. Chaudhari" <rohit.chaudhari@jhuapl.edumailto:rohit.chaudhari@jhuapl.edu> Date: Tuesday, January 21, 2014 3:29 PM To: "General discussion list for the 389 Directory server project." <389-users@lists.fedoraproject.orgmailto:389-users@lists.fedoraproject.org> Subject: using passwd with 389
Hello,
I want to be able to use the Unix "passwd" command to reset a LDAP user's password from the command line. However, I keep getting an authentication token manipulation error whenever I try to reset the password using that command. What do I need to do in the 389 DS or on Unix in order to get this command to work?
Thanks,
Rohit
sorry thats not possible. If you are using Kerberos then you can do it via the kadmin command. If not then you have to use one of several other tools like the admin console or ldapmodify for example.
On Wed, Jan 22, 2014 at 9:06 AM, Chaudhari, Rohit K. Rohit.Chaudhari@jhuapl.edu wrote:
Hello,
I need to be able to reset a LDAP user's password if they forget it with the user root. But when I try the "passwd" command as root for a LDAP user, I get the following:
(as root) passwd tuser Changing password for user tuser. Password reset by root is not supported. passwd: Authentication token manipulation error.
I am using sssd as the LDAP authentication mechanism tool, to be specific. Does anyone have a solution to dealing with this issue of resetting a LDAP user's password if they forgot it?
Thanks,
Rohit
From: <Chaudhari>, "Rohit K. Chaudhari" rohit.chaudhari@jhuapl.edu Date: Tuesday, January 21, 2014 3:29 PM To: "General discussion list for the 389 Directory server project." 389-users@lists.fedoraproject.org Subject: using passwd with 389
Hello,
I want to be able to use the Unix "passwd" command to reset a LDAP user's password from the command line. However, I keep getting an authentication token manipulation error whenever I try to reset the password using that command. What do I need to do in the 389 DS or on Unix in order to get this command to work?
Thanks,
Rohit
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
I'm not using kerberos. The other suggestion about using ldappasswd led to the error:
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1) Additional info: TLS: hostname does not match CN in peer certificate
Is there a way to create a JNDI equivalent command so that I could add a checkbox to a Java GUI that basically toggles the "force password change after reset" checkbox built into the password policy in 389?
On 1/22/14 10:49 AM, "Paul Robert Marino" prmarino1@gmail.com wrote:
sorry thats not possible. If you are using Kerberos then you can do it via the kadmin command. If not then you have to use one of several other tools like the admin console or ldapmodify for example.
On Wed, Jan 22, 2014 at 9:06 AM, Chaudhari, Rohit K. Rohit.Chaudhari@jhuapl.edu wrote:
Hello,
I need to be able to reset a LDAP user's password if they forget it with the user root. But when I try the "passwd" command as root for a LDAP user, I get the following:
(as root) passwd tuser Changing password for user tuser. Password reset by root is not supported. passwd: Authentication token manipulation error.
I am using sssd as the LDAP authentication mechanism tool, to be specific. Does anyone have a solution to dealing with this issue of resetting a LDAP user's password if they forgot it?
Thanks,
Rohit
From: <Chaudhari>, "Rohit K. Chaudhari" rohit.chaudhari@jhuapl.edu Date: Tuesday, January 21, 2014 3:29 PM To: "General discussion list for the 389 Directory server project." 389-users@lists.fedoraproject.org Subject: using passwd with 389
Hello,
I want to be able to use the Unix "passwd" command to reset a LDAP user's password from the command line. However, I keep getting an authentication token manipulation error whenever I try to reset the password using that command. What do I need to do in the 389 DS or on Unix in order to get this command to work?
Thanks,
Rohit
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
your SSL cert or your DNS is bad. TLS requires full forward and revers lookup of the C name for the host to match one of the host names in the SSL cert.
On Wed, Jan 22, 2014 at 3:08 PM, Chaudhari, Rohit K. Rohit.Chaudhari@jhuapl.edu wrote:
I'm not using kerberos. The other suggestion about using ldappasswd led to the error:
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1) Additional info: TLS: hostname does not match CN in peer certificate
Is there a way to create a JNDI equivalent command so that I could add a checkbox to a Java GUI that basically toggles the "force password change after reset" checkbox built into the password policy in 389?
On 1/22/14 10:49 AM, "Paul Robert Marino" prmarino1@gmail.com wrote:
sorry thats not possible. If you are using Kerberos then you can do it via the kadmin command. If not then you have to use one of several other tools like the admin console or ldapmodify for example.
On Wed, Jan 22, 2014 at 9:06 AM, Chaudhari, Rohit K. Rohit.Chaudhari@jhuapl.edu wrote:
Hello,
I need to be able to reset a LDAP user's password if they forget it with the user root. But when I try the "passwd" command as root for a LDAP user, I get the following:
(as root) passwd tuser Changing password for user tuser. Password reset by root is not supported. passwd: Authentication token manipulation error.
I am using sssd as the LDAP authentication mechanism tool, to be specific. Does anyone have a solution to dealing with this issue of resetting a LDAP user's password if they forgot it?
Thanks,
Rohit
From: <Chaudhari>, "Rohit K. Chaudhari" rohit.chaudhari@jhuapl.edu Date: Tuesday, January 21, 2014 3:29 PM To: "General discussion list for the 389 Directory server project." 389-users@lists.fedoraproject.org Subject: using passwd with 389
Hello,
I want to be able to use the Unix "passwd" command to reset a LDAP user's password from the command line. However, I keep getting an authentication token manipulation error whenever I try to reset the password using that command. What do I need to do in the 389 DS or on Unix in order to get this command to work?
Thanks,
Rohit
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Before I explore this further, when using "ldappasswd," will it still prompt me for the current password before I can type in a new password to replace it?
On 1/22/14 3:26 PM, "Paul Robert Marino" prmarino1@gmail.com wrote:
your SSL cert or your DNS is bad. TLS requires full forward and revers lookup of the C name for the host to match one of the host names in the SSL cert.
On Wed, Jan 22, 2014 at 3:08 PM, Chaudhari, Rohit K. Rohit.Chaudhari@jhuapl.edu wrote:
I'm not using kerberos. The other suggestion about using ldappasswd led to the error:
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1) Additional info: TLS: hostname does not match CN in peer certificate
Is there a way to create a JNDI equivalent command so that I could add a checkbox to a Java GUI that basically toggles the "force password change after reset" checkbox built into the password policy in 389?
On 1/22/14 10:49 AM, "Paul Robert Marino" prmarino1@gmail.com wrote:
sorry thats not possible. If you are using Kerberos then you can do it via the kadmin command. If not then you have to use one of several other tools like the admin console or ldapmodify for example.
On Wed, Jan 22, 2014 at 9:06 AM, Chaudhari, Rohit K. Rohit.Chaudhari@jhuapl.edu wrote:
Hello,
I need to be able to reset a LDAP user's password if they forget it with the user root. But when I try the "passwd" command as root for a LDAP user, I get the following:
(as root) passwd tuser Changing password for user tuser. Password reset by root is not supported. passwd: Authentication token manipulation error.
I am using sssd as the LDAP authentication mechanism tool, to be specific. Does anyone have a solution to dealing with this issue of resetting a LDAP user's password if they forgot it?
Thanks,
Rohit
From: <Chaudhari>, "Rohit K. Chaudhari" rohit.chaudhari@jhuapl.edu Date: Tuesday, January 21, 2014 3:29 PM To: "General discussion list for the 389 Directory server project." 389-users@lists.fedoraproject.org Subject: using passwd with 389
Hello,
I want to be able to use the Unix "passwd" command to reset a LDAP user's password from the command line. However, I keep getting an authentication token manipulation error whenever I try to reset the password using that command. What do I need to do in the 389 DS or on Unix in order to get this command to work?
Thanks,
Rohit
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
On 01/22/2014 12:31 PM, Chaudhari, Rohit K. wrote:
Before I explore this further, when using "ldappasswd," will it still prompt me for the current password before I can type in a new password to replace it?
You need to be bound to the LDAP server as a user who has permission to change the password. If you are changing your own password, you need to supply your existing password to complete this bind operation. If you are an admin resetting a password for a different user, you will need to supply the admin user password to complete the bind, but you will not need to supply the user's existing password.
The ldappasswd command requires that the connection is protected with SSL/TLS or a SASL mechanism that provides confidentiality. You will need to resolve your TLS problem.
On 1/22/14 3:26 PM, "Paul Robert Marino" prmarino1@gmail.com wrote:
your SSL cert or your DNS is bad. TLS requires full forward and revers lookup of the C name for the host to match one of the host names in the SSL cert.
On Wed, Jan 22, 2014 at 3:08 PM, Chaudhari, Rohit K. Rohit.Chaudhari@jhuapl.edu wrote:
I'm not using kerberos. The other suggestion about using ldappasswd led to the error:
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1) Additional info: TLS: hostname does not match CN in peer certificate
Is there a way to create a JNDI equivalent command so that I could add a checkbox to a Java GUI that basically toggles the "force password change after reset" checkbox built into the password policy in 389?
On 1/22/14 10:49 AM, "Paul Robert Marino" prmarino1@gmail.com wrote:
sorry thats not possible. If you are using Kerberos then you can do it via the kadmin command. If not then you have to use one of several other tools like the admin console or ldapmodify for example.
On Wed, Jan 22, 2014 at 9:06 AM, Chaudhari, Rohit K. Rohit.Chaudhari@jhuapl.edu wrote:
Hello,
I need to be able to reset a LDAP user's password if they forget it with the user root. But when I try the "passwd" command as root for a LDAP user, I get the following:
(as root) passwd tuser Changing password for user tuser. Password reset by root is not supported. passwd: Authentication token manipulation error.
I am using sssd as the LDAP authentication mechanism tool, to be specific. Does anyone have a solution to dealing with this issue of resetting a LDAP user's password if they forgot it?
Thanks,
Rohit
From: <Chaudhari>, "Rohit K. Chaudhari" rohit.chaudhari@jhuapl.edu Date: Tuesday, January 21, 2014 3:29 PM To: "General discussion list for the 389 Directory server project." 389-users@lists.fedoraproject.org Subject: using passwd with 389
Hello,
I want to be able to use the Unix "passwd" command to reset a LDAP user's password from the command line. However, I keep getting an authentication token manipulation error whenever I try to reset the password using that command. What do I need to do in the 389 DS or on Unix in order to get this command to work?
Thanks,
Rohit
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Hello 389DS users,
I'm trying to figure out how to programmatically control the "Change password after reset" through Java code. What is the attribute associated with that checkbox in the 389DS password policy tab? Is there not a tab for it. I just need confirmation on that.
Thanks
There is no tab for it.
On 26/01/14 22:55, Chaudhari, Rohit K. wrote:
Hello 389DS users,
I'm trying to figure out how to programmatically control the "Change password after reset" through Java code. What is the attribute associated with that checkbox in the 389DS password policy tab? Is there not a tab for it. I just need confirmation on that.
Thanks
389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
There is a tab under Data->Password Policy, and what I meant was that checkbox "Reset password." I want the ability to programmatically toggle that checkbox. Is there an attribute associated with that?
Thanks
On 1/27/14 3:21 PM, "Dan Lavu" dan@lavu.net wrote:
There is no tab for it.
On 26/01/14 22:55, Chaudhari, Rohit K. wrote:
Hello 389DS users,
I'm trying to figure out how to programmatically control the "Change password after reset" through Java code. What is the attribute associated with that checkbox in the 389DS password policy tab? Is there not a tab for it. I just need confirmation on that.
Thanks
389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
389-users@lists.fedoraproject.org
-
Chaudhari, Rohit K. -
Dan Lavu -
Nathan Kinder -
Paul Robert Marino