[ltb-dev] [LDAP Tool Box - Bug #316] (New) pwdSafeModify self service password

Thu, 05 May 2011 06:22:20 -0700 

Issue #316 has been reported by Shelley Waltz.

----------------------------------------
Bug #316: pwdSafeModify self service password
http://tools.lsc-project.org/issues/316

Author: Shelley Waltz
Status: New
Priority: Normal
Assigned to: 
Category: 
Target version: 


Hi
I am implementing self service password on RHEL5 with 
openldap-servers-2.3.43-12.el5_6.7.
I set up a default policy for testing - very simple, with only one requirement 
- that the
user is allowed to change their own password(pwdAllowUserChangeTrue: TRUE) and 
that the user
must supply their password in order to change it(pwdSafeModify: TRUE).

If I use self service password configured to enter old password and provide and 
verify a
new password, it fails with the following message in my log file ...

May  4 09:20:14 lemur slapd[9768]: conn=18 op=2 BIND 
dn="cn=testuser,dc=example,dc=com" mech=SIMPLE ssf=0
May  4 09:20:14 lemur slapd[9768]: => bdb_entry_get: found entry: 
"cn=testuser,dc=example,dc=com"
May  4 09:20:14 lemur slapd[9768]: conn=18 op=2 RESULT tag=97 err=0 text=
May  4 09:20:14 lemur slapd[9768]: conn=18 op=3 MOD 
dn="cn=testuser,dc=example,dc=com"
May  4 09:20:14 lemur slapd[9768]: conn=18 op=3 MOD attr=userPassword
May  4 09:20:14 lemur slapd[9768]: => bdb_entry_get: found entry: 
"cn=testuser,dc=example,dc=com"
May  4 09:20:14 lemur slapd[9768]: => bdb_entry_get: found entry: 
"cn=default,ou=policies,dc=example,dc=com"
May  4 09:20:14 lemur slapd[9768]: conn=18 op=3 RESULT tag=103 err=50 text=Must 
supply old password to be changed as well as new one
May  4 09:20:14 lemur slapd[9768]: conn=18 op=4 UNBIND
May  4 09:20:16 lemur slapd[9768]: conn=18 fd=18 closed

If I change pwdSafeModify to FALSE, it works fine.  Does this functionality not 
exist with self service password - 
does it not pass the necessary information to openldap ppolicy, or am I missing 
something?

thanks
shwaltz


-- 
You have received this notification because you have either subscribed to it, 
or are involved in it.
To change your notification preferences, please click here: 
http://tools.lsc-project.org/my/account

_______________________________________________
ltb-dev mailing list
[email protected]
http://lists.ltb-project.org/listinfo/ltb-dev

Reply via email to