On 18/10/2016 at 22:06, Gray McCord wrote:
I have been using ltb self-service password with an AD LDAP server for
several years with no problems. Today, one of my users told me that he
could not use the send token method to reset his password. He gets the
email with a proper link and the page shows up as expected prompting
him for a new password with his proper username displayed. However,
when he submits his new password, he gets a “password was refused by
the LDAP directory” error message. I verified this and also
determined that the regular password change form has the same
behavior. As I said, this has not been a problem for the 3 years I’ve
been using the program. To make this even more interesting, some
users do not have this problem and can successfully set and change
their passwords.
First, has anyone seen this kind of thing, and what exactly does that
particular error message mean? (I get what it means; I want to know
what behavior triggers the message) Second, can anyone provide any
tips on how I might go about troubleshooting this?

Hi Gray,

If the SSP error is “password was refused by the LDAP directory”, this means
the directory (in your case AD) has rejected the password. Often it is
because the password complexity is too low or does not fit other
parameters of the AD password policy (history, size, ...).

You can try to set debug to true in the SSP config to get more information,
but the best would be to have the log on the AD side that will explain why
the password was rejected.

And if you have not done so yet, try to use the latest version of SSP
(1.0), which was published some days ago.
--
Clément OUDOT
Free software consultant, infrastructure and security expert
Savoir-faire Linux
137 boulevard de Magenta - 75008 PARIS
Blog: http://sflx.ca/coudot
_______________________________________________
ltb-users mailing list
ltb-users@lists.ltb-project.org
http://lists.ltb-project.org/listinfo/ltb-users
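
As an added example that is not part of the original thread or of SSP's code: when AD refuses a password write, the LDAP diagnostic message it returns starts with a Win32 error code in hex, which narrows down the cause discussed in the reply above. The sketch below decodes that string; the function name, the hint table and the sample messages (including their DSID values) are constructed for illustration, and it assumes you have already captured the diagnostic string from your LDAP client or debug output.

```python
import re

# Win32 error codes AD places (as 8 hex digits) at the start of the LDAP
# diagnostic message. The table is a small illustrative subset.
WIN32_HINTS = {
    0x52D: ("ERROR_PASSWORD_RESTRICTION",
            "new password does not meet the domain length, complexity or history requirements"),
    0x056: ("ERROR_INVALID_PASSWORD",
            "the current password supplied with the change is not correct"),
    0x005: ("ERROR_ACCESS_DENIED",
            "the account performing the write is not allowed to set this user's password"),
    0x775: ("ERROR_ACCOUNT_LOCKED_OUT",
            "the target account is locked out"),
}

# Leading hex code, then the first "problem <n> (<NAME>)" group that follows it.
DIAG_RE = re.compile(
    r"^\s*(?P<code>[0-9A-Fa-f]{8}):.*?problem\s+(?P<num>\d+)\s+\((?P<name>[A-Z_]+)\)",
    re.S,
)

def explain_ad_diagnostic(diag):
    """Return a dict describing an AD diagnostic message, or None if it does not parse."""
    m = DIAG_RE.search(diag)
    if m is None:
        return None
    code = int(m.group("code"), 16)
    name, hint = WIN32_HINTS.get(
        code, ("UNKNOWN", "not in this table; look the value up as a Win32 error code"))
    return {"win32": code, "name": name, "hint": hint,
            "ldap_problem": m.group("name")}

# Constructed sample messages in the shape AD uses; DSID values are made up.
SAMPLES = [
    "0000052D: AtrErr: DSID-03190F80, #1:\n\t0: 0000052D: DSID-03190F80, "
    "problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9005a (unicodePwd)",
    "00000005: SecErr: DSID-031A11ED, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0",
]

if __name__ == "__main__":
    for s in SAMPLES:
        info = explain_ad_diagnostic(s)
        print(f"{info['win32']:#06x} {info['name']}: {info['hint']}")
```

A code of 0000052D points at the password policy itself, while 00000005 points at the rights of the account SSP binds with, which is a different fix.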