> On Sep 21, 2020, at 22:28, CLARKE, ED C <[email protected]> wrote:
>
> Hello Quanah,
>
> I appreciate your help, and I wanted to give you some insight on how IBM set
> up our LDAP server regarding password changes.
> Below is an example of what we have; essentially, the .sh script performs an
> ldapmodify operation using the ResetPW.ldif file.
>
> ResetPW.sh ***** Reset password shell script ********
> $ cat ResetPW.sh
> #/bin/bash
>
> ldapmodify -h 127.0.0.1 -D "cn=Manager,dc=att,dc=com" -w LinuxONE -x -f /root/ResetPW.ldif
I really hope it’s not the real one.
> ----- root pdprfsl4.sldc.sbc.com /root -----
>
> ResetPW.ldif:
> $ cat ResetPW.ldif
> #
> dn: uid=foxdiv,ou=People,dc=att,dc=com
> changetype: modify
> replace: pwdReset
> pwdReset: TRUE
> -
> replace: userPassword
> userPassword: XXXXXXXXXX
> -
> ----- root pdprfsl4.sldc.sbc.com /root -----
>
> This process has been working; if this is not ideal, then I will make any
> changes that you recommend.
> Below are the results of a search command and the commands that you gave me:
>
> --- ec4397 Mon Sep 21 09:22:34 CDT 2020 pdprfsl4 /home/ec4397 ---
> $ sudo ldapsearch -x -b "uid=ec4397,ou=People,dc=att,dc=com" -H ldapi:/// -D "cn=Manager,dc=att,dc=com" -W
> Enter LDAP Password:
> # extended LDIF
> #
> # LDAPv3
> # base <uid=ec4397,ou=People,dc=att,dc=com> with scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # ec4397, People, att.com
> dn: uid=ec4397,ou=People,dc=att,dc=com
> uid: ec4397
> cn: ec4397
> objectClass: account
> objectClass: posixAccount
> objectClass: top
> objectClass: shadowAccount
> shadowLastChange: 17780
> shadowMin: 0
> shadowMax: 99999
> shadowWarning: 7
> loginShell: /bin/bash
> uidNumber: 2000
> gidNumber: 1001
> homeDirectory: /home/ec4397
> userPassword:: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx= *** I commented this out ****
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
> --- ec4397 Mon Sep 21 09:22:34 CDT 2020 pdprfsl4 /home/ec4397 ---
>
> --- ec4397 Mon Sep 21 09:22:34 CDT 2020 pdprfsl4 /home/ec4397 ---
> $ sudo ldapwhoami -x -H ldapi:/// -D uid=foxdiv,ou=People,dc=att,dc=com -W
> [sudo] password for ec4397:
> Enter LDAP Password:
> ldap_bind: Invalid credentials (49)
> --- ec4397 Mon Sep 21 09:22:34 CDT 2020 pdprfsl4 /home/ec4397 ---
>
> Any other tests that you would like me to run?
>
> Thanks,
> Ed
>
>
>
> -----Original Message-----
> From: Quanah Gibson-Mount <[email protected]>
> Sent: Friday, September 18, 2020 4:46 PM
> To: CLARKE, ED C <[email protected]>; [email protected]
> Subject: RE: Issues with resetting user password
>
>
>
> --On Friday, September 18, 2020 2:42 PM -0700 Quanah Gibson-Mount
> <[email protected]> wrote:
>
>> Nothing you've provided shows any attempt to connect to the ldap
>> server using a SIMPLE BIND with the user DN
>> "uid=foxdiv,ou=People,dc=att,dc=com" and a password.
>
> As an example, the correct way to test that the user password change went
> through would be something like:
>
> ldapwhoami -x -H ldap://ldap.example.com:389/ -D uid=foxdiv,ou=People,dc=att,dc=com -W
>
>
> If slapd is running on ldaps, adjust the URI accordingly. If it's on port
> 389 but requires startTLS, add the -ZZ option, etc.
>
> You will be prompted for the password for the LDAP user. If the operation
> succeeds, then the password was correctly updated in LDAP.
>
> It sounds as though you may be attempting *nix <-> ldap integration, but
> that hasn't been specified. Regardless, the above ldapwhoami command is
> the next step in confirming whether or not the password was correctly
> changed and accepted on the user side. If that works, and you're
> attempting the *nix<->ldap integration and *that* is not working, it would
> imply that the integration is not configured correctly.
>
>
> Regards,
> Quanah
>
>
> --
>
> Quanah Gibson-Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
> <http://www.symas.com>
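
The reset and the bind test discussed in this thread, as an added example that is not part of either poster's message or of the original ResetPW.sh: the bind password is read from a file with -y instead of being passed on the command line with -w, and the new password is pulled in through an LDIF file URL. The ldapi:/// listener, the password-file paths and the script's own command-line interface are assumptions.

```shell
#!/bin/sh
# Added example (not the poster's ResetPW.sh). Assumed: the ldapi:/// listener,
# the password-file paths, and the command-line interface of this script.
LDAP_URI="${LDAP_URI:-ldapi:///}"
ADMIN_DN="${ADMIN_DN:-cn=Manager,dc=att,dc=com}"
ADMIN_PW_FILE="${ADMIN_PW_FILE:-/root/.ldap_admin_pw}"   # hypothetical path

# -y uses the complete file contents as the password, so the file must be
# private to its owner and must not end in a newline.
check_pw_file() {
    [ -f "$1" ] && [ -r "$1" ] || { echo "$1: not a readable file" >&2; return 1; }
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ] ||
        { echo "$1: accessible to group/other" >&2; return 1; }
    [ "$(tail -c 1 "$1" | od -An -tx1 | tr -d ' \n')" != "0a" ] ||
        { echo "$1: trailing newline would become part of the password" >&2; return 1; }
}

# Same modify operation as ResetPW.ldif; the new value is pulled from a file
# by ldapmodify itself (LDIF "attr:< file://" form) instead of being inlined.
build_reset_ldif() {   # $1 = user DN, $2 = absolute path of new-password file
    printf 'dn: %s\nchangetype: modify\n' "$1"
    printf 'replace: pwdReset\npwdReset: TRUE\n-\n'
    printf 'replace: userPassword\nuserPassword:< file://%s\n-\n' "$2"
}

reset_password() {     # bind as the admin DN without a password in argv
    check_pw_file "$ADMIN_PW_FILE" && check_pw_file "$2" || return 1
    build_reset_ldif "$1" "$2" |
        ldapmodify -x -H "$LDAP_URI" -D "$ADMIN_DN" -y "$ADMIN_PW_FILE"
}

verify_bind() {        # simple bind as the user, as in the ldapwhoami test
    ldapwhoami -x -H "$LDAP_URI" -D "$1" -y "$2"
}

# Usage: sh reset.sh reset <user-dn> <new-password-file>
if [ "${1:-}" = "reset" ]; then
    reset_password "$2" "$3" && verify_bind "$2" "$3" &&
        echo "bind as $2 succeeded"
fi
```

A non-zero exit from verify_bind is the scripted equivalent of the "Invalid credentials (49)" result shown in the thread.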