Hi

When I try to change the password for toto, I find error number 50 (err=50) at the end of the OpenLDAP request.

# cat /var/log/syslog

Jun  1 20:26:56 linuxserveur2 slapd[18672]: conn=1064 fd=13 ACCEPT from IP=10.50.43.20:32854 (IP=0.0.0.0:389)
Jun  1 20:26:56 linuxserveur2 slapd[18672]: conn=1064 op=0 BIND dn="cn=manager,ou=agriculture,o=gouv,c=fr" method=128
Jun  1 20:26:56 linuxserveur2 slapd[18672]: conn=1064 op=0 BIND dn="cn=manager,ou=agriculture,o=gouv,c=fr" mech=SIMPLE ssf=0
Jun  1 20:26:56 linuxserveur2 slapd[18672]: conn=1064 op=0 RESULT tag=97 err=0 text=
Jun  1 20:26:56 linuxserveur2 slapd[18672]: conn=1064 op=1 SRCH base="ou=people,ou=agriculture,o=gouv,c=fr" scope=2 deref=0 filter="(&(objectClass=person)(uid=toto))"
Jun  1 20:26:56 linuxserveur2 slapd[18672]: conn=1064 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jun  1 20:26:56 linuxserveur2 slapd[18672]: conn=1064 op=2 BIND anonymous mech=implicit ssf=0
Jun  1 20:26:56 linuxserveur2 slapd[18672]: conn=1064 op=2 BIND dn="uid=toto,ou=People,ou=agriculture,o=gouv,c=fr" method=128
Jun  1 20:26:56 linuxserveur2 slapd[18672]: conn=1064 op=2 BIND dn="uid=toto,ou=People,ou=agriculture,o=gouv,c=fr" mech=SIMPLE ssf=0
Jun  1 20:26:56 linuxserveur2 slapd[18672]: conn=1064 op=2 RESULT tag=97 err=0 text=
Jun  1 20:26:56 linuxserveur2 slapd[18672]: conn=1064 op=3 MOD dn="uid=toto,ou=People,ou=agriculture,o=gouv,c=fr"
Jun  1 20:26:56 linuxserveur2 slapd[18672]: conn=1064 op=3 MOD attr=sambaNTPassword sambaPwdLastSet userPassword shadowLastChange
Jun  1 20:26:56 linuxserveur2 slapd[18672]: conn=1064 op=3 RESULT tag=103 err=50 text=
Jun  1 20:26:56 linuxserveur2 slapd[18672]: conn=1064 op=4 UNBIND
Jun  1 20:26:56 linuxserveur2 slapd[18672]: conn=1064 fd=13 closed

$debug is set to true

I received the following error messages:


Warning: preg_match_all() [function.preg-match-all]: Compilation failed: missing terminating ] for character class at offset 2 in /usr/share/self-service-password/lib/functions.inc.php on line 153

Notice: Undefined variable: hash in /usr/share/self-service-password/pages/change.php on line 151

Warning: ldap_mod_replace() [function.ldap-mod-replace]: Modify: Insufficient access in /usr/share/self-service-password/lib/functions.inc.php on line 257

Have you got an idea?

On 01/06/2012 18:59, Clément OUDOT wrote:
2012/6/1 Serge Le Garrec<[email protected]>:
Hi all,

I have installed SSP on a Debian Squeeze system. Although SSP seems to work, the
application refuses to change passwords. The error message is "password
refused"!

I can change passwords from XP PC stations but I'd like to use SSP to apply
a password policy.

Description of the file "config.inc.php" :
<?php
$ldap_url = "ldap://10.50.43.12";
$ldap_binddn = "cn=manager,ou=agriculture,o=gouv,c=fr";
$ldap_bindpw = "secret";
$ldap_base = "ou=people,ou=agriculture,o=gouv,c=fr";
$ldap_filter = "(&(objectClass=person)(uid={login}))";
$ad_mode = false;
$ad_options['force_pwd_change'] = false;
$samba_mode = true;
$shadow_options['update_shadowLastChange'] = true;
$hash = "CRYPT";
$pwd_min_length = 4;
$pwd_max_length = 0;
$pwd_min_lower = 0;
$pwd_min_upper = 0;
$pwd_min_digit = 0;
$pwd_min_special = 0;
$pwd_special_chars = "^a-zA-Z0-9";
$pwd_no_reuse = true;
$pwd_complexity = 0;
$pwd_show_policy = "always";
$who_change_password = "user";
$use_questions = false;
$answer_objectClass = "extensibleObject";
$answer_attribute = "info";
$use_tokens = false;
$crypt_tokens = true;
$token_lifetime = "3600";
$mail_attribute = "mail";
$mail_from = "[email protected]";
$notify_on_change = false;
$show_help = true;
$lang ="fr";
$logo = "style/ltb-logo.png";
$debug = false;
$keyphrase = "secret";
$use_recaptcha = false;
$recaptcha_publickey = "";
$recaptcha_privatekey = "";
$recaptcha_theme = "white";
?>

Result of the command ldapsearch = OK :

# ldapsearch -x -W -D cn=manager,ou=agriculture,o=gouv,c=fr -H ldap://10.50.43.12/ "(&(objectclass=person)(uid=toto))" -LLL
Enter LDAP Password:
dn: uid=toto,ou=People,ou=agriculture,o=gouv,c=fr
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
cn: toto
sn: toto
givenName: toto
uid: toto
uidNumber: 1703
gidNumber: 513
homeDirectory: /home/toto
loginShell: /bin/bash
gecos: Samba User
sambaSID: S-1-5-21-739523420-3824988740-2474776140-1487
sambaKickoffTime: 0
sambaPasswordHistory:
00000000000000000000000000000000000000000000000000000000
  00000000
sambaAcctFlags: [U          ]
userPassword:: e1NTSEF9ZUYrdlZiSy9xTmp0NFpOWGxWL0V1YkpheFFVWERYZHI=
sambaPwdLastSet: 1338565649
sambaLMPassword: 9d7c1dd522f296b5f09bf40200000000
sambaNTPassword: aa81077e3975a538c4a41e985bd14096

Where are the logs to explore to better understand the problem?
Hi,

you need to check OpenLDAP logs, or/and set $debug to true in SSP
config. You should get more information on why the password is
refused.

Clément.

--
Serge Le Garrec
RPI -- Information Systems Manager
CISO for the Préfecture - DDCS - DDTM - DDPP scope

DDPP de la Manche
Direction Départementale de la Protection des Populations

1304 Avenue de Paris CS 92209

50009 SAINT-LÔ CEDEX

Tel: 02 33 72 65 58 --- Fax: 02 33 72 60 71

[email protected]
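
Added example, not part of the original thread or of Self Service Password: a small parser that reads a slapd trace like the one quoted above, tracks which DN is bound on each connection, and reports every rejected MOD together with that identity and the attributes it tried to write. The function name `failed_modifies` and the short result-code table are assumptions of this example; the sample lines are a subset of the log in the message.

```python
import re

# Subset of the slapd log excerpt quoted in the message above.
P = "Jun  1 20:26:56 linuxserveur2 slapd[18672]: conn=1064 "
TOTO = 'dn="uid=toto,ou=People,ou=agriculture,o=gouv,c=fr"'
SAMPLE_LOG = "\n".join(P + s for s in [
    'op=0 BIND dn="cn=manager,ou=agriculture,o=gouv,c=fr" method=128',
    "op=0 RESULT tag=97 err=0 text=",
    "op=2 BIND " + TOTO + " method=128",
    "op=2 RESULT tag=97 err=0 text=",
    "op=3 MOD " + TOTO,
    "op=3 MOD attr=sambaNTPassword sambaPwdLastSet userPassword shadowLastChange",
    "op=3 RESULT tag=103 err=50 text=",
])

# A few LDAP result codes (RFC 4511) relevant to rejected writes.
RESULT_NAMES = {0: "success", 49: "invalidCredentials",
                50: "insufficientAccessRights", 53: "unwillingToPerform"}
LINE = re.compile(r"conn=(\d+) op=(\d+) (BIND|MOD|RESULT) (.*)$")

def failed_modifies(log_text):
    """Return one dict per rejected MOD: bound identity, target, attrs, error."""
    bound, pending, findings = {}, {}, []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # ACCEPT, SRCH, SEARCH RESULT, UNBIND, closed, ...
        conn, op, verb, rest = m.groups()
        key = (conn, op)
        dn = re.match(r'dn="([^"]*)"', rest)
        if verb == "BIND" and dn:
            pending[key] = {"kind": "BIND", "dn": dn.group(1)}
        elif verb == "MOD" and dn:
            pending[key] = {"kind": "MOD", "target": dn.group(1), "attrs": [],
                            "bound_as": bound.get(conn, "anonymous")}
        elif verb == "MOD" and rest.startswith("attr=") and key in pending:
            pending[key]["attrs"] = rest[5:].split()
        elif verb == "RESULT" and key in pending:
            err = int(re.search(r"err=(\d+)", rest).group(1))
            state = pending.pop(key)
            if state.pop("kind") == "BIND":
                # A failed BIND leaves the connection anonymous.
                bound[conn] = state["dn"] if err == 0 else "anonymous"
            elif err != 0:
                # Simplification: DNs are compared case-insensitively as strings.
                state.update(err=err, name=RESULT_NAMES.get(err, "other"),
                             self_write=state["bound_as"].lower() == state["target"].lower())
                findings.append(state)
    return findings
```

On the quoted log it reports that the rejected MOD (err=50, insufficientAccessRights) was issued while bound as uid=toto against its own entry, so the access rules evaluated are those for a user writing the four listed attributes on their own entry, not those for cn=manager.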

