It worked for me. I can change the password from GUI after changing the shadow last change to false
$shadow_options['update_shadowLastChange'] = false; Thanks Ramesh On Oct 9, 2012, at 3:07 PM, Clément OUDOT wrote: > 2012/10/9 Ramesh Kumar <[email protected]>: >> Please find the config.inc.php file and complete logs while I am trying to >> change the password from GUI. >> >> <?php >> #============================================================================== >> # LTB Self Service Password >> # >> # Copyright (C) 2009 Clement OUDOT >> # Copyright (C) 2009 LTB-project.org >> # >> # This program is free software; you can redistribute it and/or >> # modify it under the terms of the GNU General Public License >> # as published by the Free Software Foundation; either version 2 >> # of the License, or (at your option) any later version. >> # >> # This program is distributed in the hope that it will be useful, >> # but WITHOUT ANY WARRANTY; without even the implied warranty of >> # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >> # GNU General Public License for more details. >> # >> # GPL License: http://www.gnu.org/licenses/gpl.txt >> # >> #============================================================================== >> >> #============================================================================== >> # Configuration >> #============================================================================== >> # LDAP > ... >> >> # Active Directory mode >> # true: use unicodePwd as password field >> # false: LDAPv3 standard behavior >> $ad_mode = true; >> # Force account unlock when password is changed >> $ad_options['force_unlock'] = true; >> # Force user change password at next login >> $ad_options['force_pwd_change'] = false; >> >> # Samba mode >> # true: update sambaNTpassword and sambaPwdLastSet attributes too >> # false: just update the password >> # Warning: this require mhash() to be installed on your system >> $samba_mode = false; >> >> # Shadow options - require shadowAccount objectClass >> # Update shadowLastChange >> $shadow_options['update_shadowLastChange'] = true; >> >> # Hash mechanism for password: >> # SSHA >> # SHA >> # SMD5 >> # MD5 >> # CRYPT >> # clear (the default) >> # This option is not used with ad_mode = true >> $hash = "SSHA"; >> >> # Local password policy >> # This is applied before directory password policy >> # Minimal length >> $pwd_min_length = 10; >> # Maximal length >> $pwd_max_length = 1; >> # Minimal lower characters >> $pwd_min_lower = 1; >> # Minimal upper characters >> $pwd_min_upper = 1; >> # Minimal digit characters >> $pwd_min_digit = 1; >> # Minimal special characters >> $pwd_min_special = 1; >> # Definition of special characters >> $pwd_special_chars = "^a-zA-Z0-9"; >> # Forbidden characters >> #$pwd_forbidden_chars = "@%"; >> # Don't reuse the same password as currently >> $pwd_no_reuse = true; >> # Complexity: number of different class of character required >> $pwd_complexity = 2; >> # Show policy constraints message: >> # always >> # never >> # onerror >> $pwd_show_policy = "onerror"; >> >> # Who changes the password? >> # Also applicable for question/answer save >> # user: the user itself >> # manager: the above binddn >> $who_change_password = "user"; >> >> ## Questions/answers >> # Use questions/answers? >> # true (default) >> # false >> $use_questions = false; >> >> # Answer attribute should be hidden to users! >> $answer_objectClass = "extensibleObject"; >> $answer_attribute = "info"; >> >> # Extra questions (built-in questions are in lang/$lang.inc.php) >> #$messages['questions']['ice'] = "What is your favorite ice cream flavor?"; >> >> ## Token >> # Use tokens? >> # true (default) >> # false >> $use_tokens = true; >> # Crypt tokens? >> # true (default) >> # false >> $crypt_tokens = true; >> # Token lifetime in seconds >> $token_lifetime = "3600"; >> >> ## Mail >> # LDAP mail attribute >> $mail_attribute = "mail"; >> # Who the email should come from >> $mail_from = "[email protected]"; >> # Notify users anytime their password is changed >> $notify_on_change = true; >> >> # Display help messages >> $show_help = true; >> >> # Language >> $lang ="en"; >> >> # Logo >> $logo = "style/ltb-logo.png"; >> >> # Debug mode >> $debug = true; >> >> # Encryption, decryption keyphrase >> $keyphrase = "secret"; >> >> # Where to log password resets - Make sure apache has write permission >> # By default, they are logged in Apache log >> $reset_request_log = "/var/log/self-service-password"; >> >> ## CAPTCHA >> # Use Google reCAPTCHA (http://www.google.com/recaptcha) >> # Go on the site to get public and private key >> $use_recaptcha = false; >> $recaptcha_publickey = ""; >> $recaptcha_privatekey = ""; >> # Customize theme (see >> http://code.google.com/intl/de-DE/apis/recaptcha/docs/customization.html) >> # Examples: red, white, blackglass, clean >> $recaptcha_theme = "white"; >> >> ?> >> >> >> ############# LOGS ########### >> ==> httpd/ssp_access_log <== >> 192.168.6.76 - - [09/Oct/2012:14:58:08 +0530] "POST / HTTP/1.1" 200 2011 >> "http://192.168.6.180/"; "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) >> AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4" >> >> ==> httpd/ssp_error_log <== >> [Tue Oct 09 14:58:08 2012] [error] [client 192.168.6.76] PHP Warning: >> ldap_get_values() [<a >> href='function.ldap-get-values'>function.ldap-get-values</a>]: Cannot get >> the value(s) of attribute Decoding error in >> /usr/share/self-service-password/pages/change.php on line 116, referer: >> http://192.168.6.180/ >> [Tue Oct 09 14:58:08 2012] [error] [client 192.168.6.76] PHP Warning: >> preg_match_all() [<a >> href='function.preg-match-all'>function.preg-match-all</a>]: Compilation >> failed: missing terminating ] for character class at offset 2 in >> /usr/share/self-service-password/lib/functions.inc.php on line 153, referer: >> http://192.168.6.180/ >> >> ==> ldap.log <== >> Oct 9 14:58:08 ldap01 slapd[5679]: conn=1045 fd=12 ACCEPT from >> IP=192.168.6.180:57467 (IP=0.0.0.0:389) >> Oct 9 14:58:08 ldap01 slapd[5679]: conn=1045 op=0 BIND dn="cn=admin,dc=ss" >> method=128 >> Oct 9 14:58:08 ldap01 slapd[5679]: conn=1045 op=0 BIND dn="cn=admin,dc=ss" >> mech=SIMPLE ssf=0 >> Oct 9 14:58:08 ldap01 slapd[5679]: conn=1045 op=0 RESULT tag=97 err=0 text= >> Oct 9 14:58:08 ldap01 slapd[5679]: conn=1045 op=1 SRCH base="dc=ss" scope=2 >> deref=0 filter="(&(objectClass=inetOrgPerson)(uid=ramesh))" >> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: search access to >> "dc=ss" "entry" requested >> Oct 9 14:58:08 ldap01 slapd[5679]: <= root access granted >> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: search access granted >> by manage(=mwrscxd) >> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: search access to >> "cn=Ramesh Kumar,ou=people,dc=ss" "objectClass" requested >> Oct 9 14:58:08 ldap01 slapd[5679]: <= root access granted >> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: search access granted >> by manage(=mwrscxd) >> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: search access to >> "cn=Ramesh Kumar,ou=people,dc=ss" "uid" requested >> Oct 9 14:58:08 ldap01 slapd[5679]: <= root access granted >> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: search access granted >> by manage(=mwrscxd) >> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: read access to >> "cn=Ramesh Kumar,ou=people,dc=ss" "entry" requested >> Oct 9 14:58:08 ldap01 slapd[5679]: <= root access granted >> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: read access granted >> by manage(=mwrscxd) >> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: result not in cache >> (cn) >> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: read access to >> "cn=Ramesh Kumar,ou=people,dc=ss" "cn" requested >> Oct 9 14:58:08 ldap01 slapd[5679]: <= root access granted >> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: read access granted >> by manage(=mwrscxd) >> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: result not in cache >> (sn) >> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: read access to >> "cn=Ramesh Kumar,ou=people,dc=ss" "sn" requested >> Oct 9 14:58:08 ldap01 slapd[5679]: <= root access granted >> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: read access granted >> by manage(=mwrscxd) >> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: result not in cache >> (givenName) >> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: read access to >> "cn=Ramesh Kumar,ou=people,dc=ss" "givenName" requested >> Oct 9 14:58:08 ldap01 slapd[5679]: <= root access granted >> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: read access granted >> by manage(=mwrscxd) >> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: result not in cache >> (gidNumber) >> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: read access to >> "cn=Ramesh Kumar,ou=people,dc=ss" "gidNumber" requested >> Oct 9 14:58:08 ldap01 slapd[5679]: <= root access granted >> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: read access granted >> by manage(=mwrscxd) >> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: result not in cache >> (homeDirectory) >> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: read access to >> "cn=Ramesh Kumar,ou=people,dc=ss" "homeDirectory" requested >> Oct 9 14:58:08 ldap01 slapd[5679]: <= root access granted >> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: read access granted >> by manage(=mwrscxd) >> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: result not in cache >> (loginShell) >> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: read access to >> "cn=Ramesh Kumar,ou=people,dc=ss" "loginShell" requested >> Oct 9 14:58:08 ldap01 slapd[5679]: <= root access granted >> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: read access granted >> by manage(=mwrscxd) >> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: result not in cache >> (objectClass) >> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: read access to >> "cn=Ramesh Kumar,ou=people,dc=ss" "objectClass" requested >> Oct 9 14:58:08 ldap01 slapd[5679]: <= root access granted >> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: read access granted >> by manage(=mwrscxd) >> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: result was in cache >> (objectClass) >> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: result was in cache >> (objectClass) >> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: result not in cache >> (uid) >> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: read access to >> "cn=Ramesh Kumar,ou=people,dc=ss" "uid" requested >> Oct 9 14:58:08 ldap01 slapd[5679]: <= root access granted >> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: read access granted >> by manage(=mwrscxd) >> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: result not in cache >> (uidNumber) >> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: read access to >> "cn=Ramesh Kumar,ou=people,dc=ss" "uidNumber" requested >> Oct 9 14:58:08 ldap01 slapd[5679]: <= root access granted >> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: read access granted >> by manage(=mwrscxd) >> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: result not in cache >> (userPassword) >> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: read access to >> "cn=Ramesh Kumar,ou=people,dc=ss" "userPassword" requested >> Oct 9 14:58:08 ldap01 slapd[5679]: <= root access granted >> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: read access granted >> by manage(=mwrscxd) >> Oct 9 14:58:08 ldap01 slapd[5679]: conn=1045 op=1 SEARCH RESULT tag=101 >> err=0 nentries=1 text= >> Oct 9 14:58:08 ldap01 slapd[5679]: conn=1045 op=2 BIND anonymous >> mech=implicit ssf=0 >> Oct 9 14:58:08 ldap01 slapd[5679]: conn=1045 op=2 BIND dn="cn=Ramesh >> Kumar,ou=people,dc=ss" method=128 >> Oct 9 14:58:08 ldap01 slapd[5679]: => bdb_entry_get: found entry: >> "cn=ramesh kumar,ou=people,dc=ss" >> Oct 9 14:58:08 ldap01 slapd[5679]: => bdb_entry_get: found entry: >> "cn=defaultpwpolicy,ou=policies,dc=ss" >> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: result not in cache >> (userPassword) >> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: auth access to >> "cn=Ramesh Kumar,ou=people,dc=ss" "userPassword" requested >> Oct 9 14:58:08 ldap01 slapd[5679]: => acl_get: [1] attr userPassword >> Oct 9 14:58:08 ldap01 slapd[5679]: => acl_mask: access to entry "cn=Ramesh >> Kumar,ou=people,dc=ss", attr "userPassword" requested >> Oct 9 14:58:08 ldap01 slapd[5679]: => acl_mask: to value by "", (=0) >> Oct 9 14:58:08 ldap01 slapd[5679]: <= check a_dn_pat: cn=auther,dc=ss >> Oct 9 14:58:08 ldap01 slapd[5679]: <= check a_dn_pat: anonymous >> Oct 9 14:58:08 ldap01 slapd[5679]: <= acl_mask: [2] applying auth(=xd) >> (stop) >> Oct 9 14:58:08 ldap01 slapd[5679]: <= acl_mask: [2] mask: auth(=xd) >> Oct 9 14:58:08 ldap01 slapd[5679]: => slap_access_allowed: auth access >> granted by auth(=xd) >> Oct 9 14:58:08 ldap01 slapd[5679]: => access_allowed: auth access granted >> by auth(=xd) >> Oct 9 14:58:08 ldap01 slapd[5679]: conn=1045 op=2 BIND dn="cn=Ramesh >> Kumar,ou=people,dc=ss" mech=SIMPLE ssf=0 >> Oct 9 14:58:08 ldap01 slapd[5679]: => bdb_entry_get: found entry: >> "cn=ramesh kumar,ou=people,dc=ss" >> Oct 9 14:58:08 ldap01 slapd[5679]: conn=1045 op=2 RESULT tag=97 err=0 text= >> Oct 9 14:58:08 ldap01 slapd[5679]: conn=1045 op=3 UNBIND >> Oct 9 14:58:08 ldap01 slapd[5679]: conn=1045 fd=12 closed >> Oct 9 14:58:10 ldap01 slapd[5679]: conn=1046 fd=12 ACCEPT from >> IP=192.168.6.182:60016 (IP=0.0.0.0:389) >> Oct 9 14:58:10 ldap01 slapd[5679]: conn=1046 op=0 BIND dn="cn=admin,dc=ss" >> method=128 >> Oct 9 14:58:10 ldap01 slapd[5679]: conn=1046 op=0 BIND dn="cn=admin,dc=ss" >> mech=SIMPLE ssf=0 >> Oct 9 14:58:10 ldap01 slapd[5679]: conn=1046 op=0 RESULT tag=97 err=0 text= >> Oct 9 14:58:10 ldap01 slapd[5679]: conn=1046 op=1 SRCH base="dc=ss" scope=2 >> deref=0 filter="(objectClass=*)" >> Oct 9 14:58:10 ldap01 slapd[5679]: conn=1046 op=1 SRCH attr=* >> structuralObjectClass entryCSN >> Oct 9 14:58:10 ldap01 slapd[5679]: conn=1046 op=1 SEARCH RESULT tag=101 >> err=0 nentries=0 text= >> Oct 9 14:58:10 ldap01 slapd[5679]: conn=1046 op=2 UNBIND >> Oct 9 14:58:10 ldap01 slapd[5679]: conn=1046 fd=12 closed >> ############################## >> >> On GUI, its says: "Your password is too big" >> > > See this paramter : > > $pwd_max_length = 1; > > Set it to 0 to remove max size test. > > You also need to se ad_mode to false. > > Please take a look at the documentation where all parameters are > described: > http://ltb-project.org/wiki/documentation/self-service-password/latest/start > > Clément. _______________________________________________ ltb-users mailing list [email protected] http://lists.ltb-project.org/listinfo/ltb-users
