On 01/06/2016 09:59 AM, FE9817 FE-DDIS.DK wrote:
> Hi,
> 
> Im trying to change password for a user, using ldap, but it hangs. Here is 
> what is done.
> 
> :~$ ldappasswd -h idm.com -ZZ -p 636 -x -D 
> "uid=admin,cn=users,cn=accounts,dc=com" -W -S 
> "uid=test000,cn=users,cn=accounts,dc=com" -d9 -v -A
> Old password:
> Re-enter old password:
> New password:
> Re-enter new password:
> ldap_initialize( ldap://idm.com:636 )
> ldap_create
> ldap_url_parse_ext(ldap://idm.com:636)
> ldap_extended_operation_s
> ldap_extended_operation
> ldap_send_initial_request
> ldap_new_connection 1 1 0
> ldap_int_open_connection
> ldap_connect_to_host: TCP idm.com:636
> ldap_new_socket: 3
> ldap_prepare_socket: 3
> ldap_connect_to_host: Trying 10.10.10.10:636
> ldap_pvt_connect: fd: 3 tm: -1 async: 0
> ldap_open_defconn: successful
> ldap_send_server_request
> ber_scanf fmt ({it) ber:
> ber_scanf fmt ({) ber:
> ber_flush2: 31 bytes to sd 3
> ldap_result ld 0x7fc7f40de370 msgid 1
> wait4msg ld 0x7fc7f40de370 msgid 1 (infinite timeout)
> wait4msg continue ld 0x7fc7f40de370 msgid 1 all 1
> ** ld 0x7fc7f40de370 Connections:
> * host: idm01.dap.cfcs.dk  port: 636  (default)
>   refcnt: 2  status: Connected
>   last used: Wed Jan  6 09:29:43 2016
> 
> 
> ** ld 0x7fc7f40de370 Outstanding Requests:
>  * msgid 1,  origid 1, status InProgress
>    outstanding referrals 0, parent count 0
>   ld 0x7fc7f40de370 request count 1 (abandoned 0)
> ** ld 0x7fc7f40de370 Response Queue:
>    Empty
>   ld 0x7fc7f40de370 response count 0
> ldap_chkResponseList ld 0x7fc7f40de370 msgid 1 all 1
> ldap_chkResponseList returns ld 0x7fc7f40de370 NULL
> ldap_int_select
> 
> It works when using kpasswd, but not ldappasswd. Any suggestions?

I had similar problem when kadmin did not start fully because of low entropy on
my VM, I wonder if this is your case as well. You can find out with

# systemctl status kadmin.service

But I am surprised that kadmin password change works and ldappasswd does not.
This would mean that "ipa passwd" command is also not working as it uses LDAP
way also.

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to