2012/10/9 Ramesh Kumar <[email protected]>:
> Please find the config.inc.php file and complete logs while I am trying to
> change the password from GUI.
>
> <?php
> #==============================================================================
> # LTB Self Service Password
> #
> # Copyright (C) 2009 Clement OUDOT
> # Copyright (C) 2009 LTB-project.org
> #
> # This program is free software; you can redistribute it and/or
> # modify it under the terms of the GNU General Public License
> # as published by the Free Software Foundation; either version 2
> # of the License, or (at your option) any later version.
> #
> # This program is distributed in the hope that it will be useful,
> # but WITHOUT ANY WARRANTY; without even the implied warranty of
> # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> # GNU General Public License for more details.
> #
> # GPL License: http://www.gnu.org/licenses/gpl.txt
> #
> #==============================================================================
>
> #==============================================================================
> # Configuration
> #==============================================================================
> # LDAP ...
>
> # Active Directory mode
> # true: use unicodePwd as password field
> # false: LDAPv3 standard behavior
> $ad_mode = true;
> # Force account unlock when password is changed
> $ad_options['force_unlock'] = true;
> # Force user change password at next login
> $ad_options['force_pwd_change'] = false;
>
> # Samba mode
> # true: update sambaNTpassword and sambaPwdLastSet attributes too
> # false: just update the password
> # Warning: this require mhash() to be installed on your system
> $samba_mode = false;
>
> # Shadow options - require shadowAccount objectClass
> # Update shadowLastChange
> $shadow_options['update_shadowLastChange'] = true;
>
> # Hash mechanism for password:
> # SSHA
> # SHA
> # SMD5
> # MD5
> # CRYPT
> # clear (the default)
> # This option is not used with ad_mode = true
> $hash = "SSHA";
>
> # Local password policy
> # This is applied before directory password policy
> # Minimal length
> $pwd_min_length = 10;
> # Maximal length
> $pwd_max_length = 1;
> # Minimal lower characters
> $pwd_min_lower = 1;
> # Minimal upper characters
> $pwd_min_upper = 1;
> # Minimal digit characters
> $pwd_min_digit = 1;
> # Minimal special characters
> $pwd_min_special = 1;
> # Definition of special characters
> $pwd_special_chars = "^a-zA-Z0-9";
> # Forbidden characters
> #$pwd_forbidden_chars = "@%";
> # Don't reuse the same password as currently
> $pwd_no_reuse = true;
> # Complexity: number of different class of character required
> $pwd_complexity = 2;
> # Show policy constraints message:
> # always
> # never
> # onerror
> $pwd_show_policy = "onerror";
>
> # Who changes the password?
> # Also applicable for question/answer save
> # user: the user itself
> # manager: the above binddn
> $who_change_password = "user";
>
> ## Questions/answers
> # Use questions/answers?
> # true (default)
> # false
> $use_questions = false;
>
> # Answer attribute should be hidden to users!
> $answer_objectClass = "extensibleObject";
> $answer_attribute = "info";
>
> # Extra questions (built-in questions are in lang/$lang.inc.php)
> #$messages['questions']['ice'] = "What is your favorite ice cream flavor?";
>
> ## Token
> # Use tokens?
> # true (default)
> # false
> $use_tokens = true;
> # Crypt tokens?
> # true (default)
> # false
> $crypt_tokens = true;
> # Token lifetime in seconds
> $token_lifetime = "3600";
>
> ## Mail
> # LDAP mail attribute
> $mail_attribute = "mail";
> # Who the email should come from
> $mail_from = "[email protected]";
> # Notify users anytime their password is changed
> $notify_on_change = true;
>
> # Display help messages
> $show_help = true;
>
> # Language
> $lang ="en";
>
> # Logo
> $logo = "style/ltb-logo.png";
>
> # Debug mode
> $debug = true;
>
> # Encryption, decryption keyphrase
> $keyphrase = "secret";
>
> # Where to log password resets - Make sure apache has write permission
> # By default, they are logged in Apache log
> $reset_request_log = "/var/log/self-service-password";
>
> ## CAPTCHA
> # Use Google reCAPTCHA (http://www.google.com/recaptcha)
> # Go on the site to get public and private key
> $use_recaptcha = false;
> $recaptcha_publickey = "";
> $recaptcha_privatekey = "";
> # Customize theme (see
> http://code.google.com/intl/de-DE/apis/recaptcha/docs/customization.html)
> # Examples: red, white, blackglass, clean
> $recaptcha_theme = "white";
>
> ?>
>
>
> ############# LOGS ###########
> ==> httpd/ssp_access_log <==
> 192.168.6.76 - - [09/Oct/2012:14:58:08 +0530] "POST / HTTP/1.1" 200 2011
> "http://192.168.6.180/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4)
> AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
>
> ==> httpd/ssp_error_log <==
> [Tue Oct 09 14:58:08 2012] [error] [client 192.168.6.76] PHP Warning:
> ldap_get_values() [<a
> href='function.ldap-get-values'>function.ldap-get-values</a>]: Cannot get
> the value(s) of attribute Decoding error in
> /usr/share/self-service-password/pages/change.php on line 116, referer:
> http://192.168.6.180/
> [Tue Oct 09 14:58:08 2012] [error] [client 192.168.6.76] PHP Warning:
> preg_match_all() [<a
> href='function.preg-match-all'>function.preg-match-all</a>]: Compilation
> failed: missing terminating ] for character class at offset 2 in
> /usr/share/self-service-password/lib/functions.inc.php on line 153, referer:
> http://192.168.6.180/
>
> ==> ldap.log <==
> Oct 9 14:58:08 ldap01 slapd[5679]: conn=1045 fd=12 ACCEPT from
> IP=192.168.6.180:57467 (IP=0.0.0.0:389)
> Oct 9 14:58:08 ldap01 slapd[5679]: conn=1045 op=0 BIND dn="cn=admin,dc=ss"
> method=128
> Oct 9 14:58:08 ldap01 slapd[5679]: conn=1045 op=0 BIND dn="cn=admin,dc=ss"
> mech=SIMPLE ssf=0
> Oct 9 14:58:08 ldap01 slapd[5679]: conn=1045 op=0 RESULT tag=97 err=0 text=
> Oct 9 14:58:08 ldap01 slapd[5679]: conn=1045 op=1 SRCH base="dc=ss" scope=2
> deref=0 filter="(&(objectClass=inetOrgPerson)(uid=ramesh))"
> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: search access to
> "dc=ss" "entry" requested
> Oct 9 14:58:08 ldap01 slapd[5679]: <= root access granted
> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: search access granted
> by manage(=mwrscxd)
> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: search access to
> "cn=Ramesh Kumar,ou=people,dc=ss" "objectClass" requested
> Oct 9 14:58:08 ldap01 slapd[5679]: <= root access granted
> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: search access granted
> by manage(=mwrscxd)
> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: search access to
> "cn=Ramesh Kumar,ou=people,dc=ss" "uid" requested
> Oct 9 14:58:08 ldap01 slapd[5679]: <= root access granted
> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: search access granted
> by manage(=mwrscxd)
> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: read access to
> "cn=Ramesh Kumar,ou=people,dc=ss" "entry" requested
> Oct 9 14:58:08 ldap01 slapd[5679]: <= root access granted
> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: read access granted
> by manage(=mwrscxd)
> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: result not in cache
> (cn)
> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: read access to
> "cn=Ramesh Kumar,ou=people,dc=ss" "cn" requested
> Oct 9 14:58:08 ldap01 slapd[5679]: <= root access granted
> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: read access granted
> by manage(=mwrscxd)
> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: result not in cache
> (sn)
> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: read access to
> "cn=Ramesh Kumar,ou=people,dc=ss" "sn" requested
> Oct 9 14:58:08 ldap01 slapd[5679]: <= root access granted
> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: read access granted
> by manage(=mwrscxd)
> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: result not in cache
> (givenName)
> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: read access to
> "cn=Ramesh Kumar,ou=people,dc=ss" "givenName" requested
> Oct 9 14:58:08 ldap01 slapd[5679]: <= root access granted
> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: read access granted
> by manage(=mwrscxd)
> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: result not in cache
> (gidNumber)
> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: read access to
> "cn=Ramesh Kumar,ou=people,dc=ss" "gidNumber" requested
> Oct 9 14:58:08 ldap01 slapd[5679]: <= root access granted
> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: read access granted
> by manage(=mwrscxd)
> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: result not in cache
> (homeDirectory)
> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: read access to
> "cn=Ramesh Kumar,ou=people,dc=ss" "homeDirectory" requested
> Oct 9 14:58:08 ldap01 slapd[5679]: <= root access granted
> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: read access granted
> by manage(=mwrscxd)
> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: result not in cache
> (loginShell)
> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: read access to
> "cn=Ramesh Kumar,ou=people,dc=ss" "loginShell" requested
> Oct 9 14:58:08 ldap01 slapd[5679]: <= root access granted
> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: read access granted
> by manage(=mwrscxd)
> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: result not in cache
> (objectClass)
> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: read access to
> "cn=Ramesh Kumar,ou=people,dc=ss" "objectClass" requested
> Oct 9 14:58:08 ldap01 slapd[5679]: <= root access granted
> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: read access granted
> by manage(=mwrscxd)
> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: result was in cache
> (objectClass)
> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: result was in cache
> (objectClass)
> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: result not in cache
> (uid)
> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: read access to
> "cn=Ramesh Kumar,ou=people,dc=ss" "uid" requested
> Oct 9 14:58:08 ldap01 slapd[5679]: <= root access granted
> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: read access granted
> by manage(=mwrscxd)
> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: result not in cache
> (uidNumber)
> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: read access to
> "cn=Ramesh Kumar,ou=people,dc=ss" "uidNumber" requested
> Oct 9 14:58:08 ldap01 slapd[5679]: <= root access granted
> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: read access granted
> by manage(=mwrscxd)
> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: result not in cache
> (userPassword)
> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: read access to
> "cn=Ramesh Kumar,ou=people,dc=ss" "userPassword" requested
> Oct 9 14:58:08 ldap01 slapd[5679]: <= root access granted
> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: read access granted
> by manage(=mwrscxd)
> Oct 9 14:58:08 ldap01 slapd[5679]: conn=1045 op=1 SEARCH RESULT tag=101
> err=0 nentries=1 text=
> Oct 9 14:58:08 ldap01 slapd[5679]: conn=1045 op=2 BIND anonymous
> mech=implicit ssf=0
> Oct 9 14:58:08 ldap01 slapd[5679]: conn=1045 op=2 BIND dn="cn=Ramesh
> Kumar,ou=people,dc=ss" method=128
> Oct 9 14:58:08 ldap01 slapd[5679]: => bdb_entry_get: found entry:
> "cn=ramesh kumar,ou=people,dc=ss"
> Oct 9 14:58:08 ldap01 slapd[5679]: => bdb_entry_get: found entry:
> "cn=defaultpwpolicy,ou=policies,dc=ss"
> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: result not in cache
> (userPassword)
> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: auth access to
> "cn=Ramesh Kumar,ou=people,dc=ss" "userPassword" requested
> Oct 9 14:58:08 ldap01 slapd[5679]: => acl_get: [1] attr userPassword
> Oct 9 14:58:08 ldap01 slapd[5679]: => acl_mask: access to entry "cn=Ramesh
> Kumar,ou=people,dc=ss", attr "userPassword" requested
> Oct 9 14:58:08 ldap01 slapd[5679]: => acl_mask: to value by "", (=0)
> Oct 9 14:58:08 ldap01 slapd[5679]: <= check a_dn_pat: cn=auther,dc=ss
> Oct 9 14:58:08 ldap01 slapd[5679]: <= check a_dn_pat: anonymous
> Oct 9 14:58:08 ldap01 slapd[5679]: <= acl_mask: [2] applying auth(=xd)
> (stop)
> Oct 9 14:58:08 ldap01 slapd[5679]: <= acl_mask: [2] mask: auth(=xd)
> Oct 9 14:58:08 ldap01 slapd[5679]: => slap_access_allowed: auth access
> granted by auth(=xd)
> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: auth access granted
> by auth(=xd)
> Oct 9 14:58:08 ldap01 slapd[5679]: conn=1045 op=2 BIND dn="cn=Ramesh
> Kumar,ou=people,dc=ss" mech=SIMPLE ssf=0
> Oct 9 14:58:08 ldap01 slapd[5679]: => bdb_entry_get: found entry:
> "cn=ramesh kumar,ou=people,dc=ss"
> Oct 9 14:58:08 ldap01 slapd[5679]: conn=1045 op=2 RESULT tag=97 err=0 text=
> Oct 9 14:58:08 ldap01 slapd[5679]: conn=1045 op=3 UNBIND
> Oct 9 14:58:08 ldap01 slapd[5679]: conn=1045 fd=12 closed
> Oct 9 14:58:10 ldap01 slapd[5679]: conn=1046 fd=12 ACCEPT from
> IP=192.168.6.182:60016 (IP=0.0.0.0:389)
> Oct 9 14:58:10 ldap01 slapd[5679]: conn=1046 op=0 BIND dn="cn=admin,dc=ss"
> method=128
> Oct 9 14:58:10 ldap01 slapd[5679]: conn=1046 op=0 BIND dn="cn=admin,dc=ss"
> mech=SIMPLE ssf=0
> Oct 9 14:58:10 ldap01 slapd[5679]: conn=1046 op=0 RESULT tag=97 err=0 text=
> Oct 9 14:58:10 ldap01 slapd[5679]: conn=1046 op=1 SRCH base="dc=ss" scope=2
> deref=0 filter="(objectClass=*)"
> Oct 9 14:58:10 ldap01 slapd[5679]: conn=1046 op=1 SRCH attr=*
> structuralObjectClass entryCSN
> Oct 9 14:58:10 ldap01 slapd[5679]: conn=1046 op=1 SEARCH RESULT tag=101
> err=0 nentries=0 text=
> Oct 9 14:58:10 ldap01 slapd[5679]: conn=1046 op=2 UNBIND
> Oct 9 14:58:10 ldap01 slapd[5679]: conn=1046 fd=12 closed
> ##############################
>
> On GUI, it says: "Your password is too big"
>
See this parameter:

$pwd_max_length = 1;

Set it to 0 to remove the max size test.

You also need to set ad_mode to false.

Please take a look at the documentation where all parameters are described:
http://ltb-project.org/wiki/documentation/self-service-password/latest/start

Clément.
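
A configuration lint for the contradiction pointed out in the reply, as an added example that is not part of the original thread or of LTB Self Service Password. The names `parse_policy` and `lint_policy` are hypothetical; it assumes, as the reply states, that 0 disables the maximum, and additionally assumes that every non-zero minimum is enforced.

```python
import re

# Excerpt of the local password policy from the quoted config.inc.php.
QUOTED_CONFIG = '''
# Minimal length
$pwd_min_length = 10;
# Maximal length
$pwd_max_length = 1;
$pwd_min_lower = 1;
$pwd_min_upper = 1;
$pwd_min_digit = 1;
$pwd_min_special = 1;
#$pwd_forbidden_chars = "@%";
'''

# Matches active (uncommented) integer assignments such as `$pwd_min_length = 10;`
ASSIGN = re.compile(r'^\s*\$(pwd_\w+)\s*=\s*"?(\d+)"?\s*;', re.MULTILINE)


def parse_policy(text):
    """Return {name: int} for every uncommented integer $pwd_* setting."""
    return {name: int(value) for name, value in ASSIGN.findall(text)}


def lint_policy(policy):
    """List contradictions that no new password could satisfy."""
    problems = []
    # Assumption taken from the reply: 0 means "no maximum length test".
    max_len = policy.get("pwd_max_length", 0)
    min_len = policy.get("pwd_min_length", 0)
    if max_len == 0:
        return problems
    if min_len > max_len:
        problems.append(f"pwd_min_length ({min_len}) > pwd_max_length ({max_len})")
    classes = ("pwd_min_lower", "pwd_min_upper", "pwd_min_digit", "pwd_min_special")
    needed = sum(policy.get(key, 0) for key in classes)
    if needed > max_len:
        problems.append(f"character-class minimums need {needed} chars, "
                        f"pwd_max_length allows {max_len}")
    return problems


if __name__ == "__main__":
    for problem in lint_policy(parse_policy(QUOTED_CONFIG)):
        print("unsatisfiable policy:", problem)
```

Run against a deployed config.inc.php before rollout, an empty result means the length limits do not contradict each other.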
