Hello Quanah,
I am using OpenLDAP on an IBM LinuxONE server; IBM just helped with the setup.
I was also able to test the below on my other LDAP server, and it performed as
expected and changed the password.
----- root pdprfdl4.dadc.sbc.com /root -----
$ ldappasswd -H ldapi:/// -x -D "cn=Manager,dc=att,dc=com" -W -S uid=foxdiv,ou=People,dc=att,dc=com
New password:
Re-enter new password:
Enter LDAP Password:
----- root pdprfdl4.dadc.sbc.com /root -----
$ ldapwhoami -x -H ldapi:/// -D uid=foxdiv,ou=People,dc=att,dc=com -W
Enter LDAP Password:
dn:uid=foxdiv,ou=People,dc=att,dc=com
----- root pdprfdl4.dadc.sbc.com /root -----
$
----- root pdprfdl4.dadc.sbc.com /root -----
$
----- root pdprfdl4.dadc.sbc.com /root -----
$ rpm -qa | grep -i ldap
openldap-clients-2.4.44-21.el7_6.s390x
sssd-ldap-1.16.2-13.el7_6.12.s390x
openldap-2.4.44-21.el7_6.s390x
openldap-servers-2.4.44-21.el7_6.s390x
----- root pdprfdl4.dadc.sbc.com /root -----
$
On my server with the issue, the command runs, but when I try logging in with
the new password, it fails, but I can log in with the old password.
----- root pdprfsl4.sldc.sbc.com /root -----
$ ldappasswd -H ldapi:/// -x -D "cn=Manager,dc=att,dc=com" -W -S uid=foxdiv,ou=People,dc=att,dc=com
New password:
Re-enter new password:
Enter LDAP Password:
----- root pdprfsl4.sldc.sbc.com /root -----
$ ldapwhoami -x -H ldapi:/// -D uid=foxdiv,ou=People,dc=att,dc=com -W
Enter LDAP Password:
dn:uid=foxdiv,ou=People,dc=att,dc=com
----- root pdprfsl4.sldc.sbc.com /root -----
$ rpm -qa | grep -i ldap
nss-pam-ldapd-0.8.13-25.el7.s390x
compat-openldap-2.3.43-5.el7.s390x
openldap-clients-2.4.44-21.el7_6.s390x
openldap-servers-2.4.44-21.el7_6.s390x
openldap-2.4.44-21.el7_6.s390x
sssd-ldap-1.16.5-1.el7.s390x
----- root pdprfsl4.sldc.sbc.com /root -----
Thanks,
Ed
-----Original Message-----
From: Quanah Gibson-Mount <[email protected]>
Sent: Monday, September 21, 2020 5:10 PM
To: CLARKE, ED C <[email protected]>; [email protected]
Subject: RE: Issues with resetting user password
--On Monday, September 21, 2020 10:28 PM +0000 "CLARKE, ED C"
<[email protected]> wrote:
> Hello Quanah,
>
> I appreciate your help, and I wanted to give you some insight on how
> IBM set up our LDAP server regarding password changes. Below is an
> example of what we have; essentially, the .sh script performs an
> ldapmodify operation, using the ResetPW.ldif file.
What directory server are you running? The discussion so far has been assuming
that you're using OpenLDAP. IBM's directory server may have different
requirements.
Regards,
Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>