(shame!)

Bastian, you are right!
One should never do a "quick hack" to existing scripts:
In the original version the MANAGER was specified without the common CONTEXT,
so the script used -D "$MANAGER","$CONTEXT".
The DN however was including the CONTEXT (maybe to shorten the script line that 
uses it).
When using MANAGER="$DN" I got a MANAGER that includes the CONTEXT already.
The idea was "use the user name as manager, so the user will change its own 
password". The idea was correct, but "MANAGER=$DN" was not. 8-(

Kind regards,
Ulrich Windl

> -----Original Message-----
> From: b...@eva05.jsc.fz-juelich.de <b...@eva05.jsc.fz-juelich.de> On
> Behalf Of Bastian Tweddell
> Sent: Friday, August 22, 2025 8:58 AM
> To: Windl, Ulrich <u.wi...@ukr.de>
> Subject: [EXT] Re: Re: Understanding ldappasswd: ldap_bind: Invalid
> credentials (49)
> 
> 
> Hi Ulrich,
> 
> Given that ldappasswd basically works, maybe check your variables.
> I think you append `$CONTEXT` two times:
> 
> On 22Aug25 06:43+0000, Windl, Ulrich wrote:
> > > > CONTEXT='dc=...'
> > > > if [ -n "$1" ]; then
> > > >     DN="uid=${1},ou=people,$CONTEXT"
> 
> => DN="uid=username_from_arg1,ou=people,dc=..."
>                                         ^^^^^^
> 
> > > >     MANAGER="$DN"
> 
> => MANAGER="uid=username_from_arg1,ou=people,dc=..."
>                                              ^^^^^^
> 
> > > >     echo "$MANAGER changing password for $DN"
> > > >     ldappasswd -H "$SERVER" -x -ZZ -D "$MANAGER","$CONTEXT" -W
> ${2:+-S
> 
> => -D "uid=username_from_arg1,ou=people,dc=...","dc=..."
>                                         ^^^^^^   ^^^^^^
> 
> This would be wrong, wouldn't it?
> 
> In general, think about using `set -euo pipefail` in bash scripts, and
> in this case also use `set -x`. So you could spot that easily.
> Also ldap cmdline tools usually take `-d -1` to print all debug info,
> but you know that.
> 
> 
> I could probably have written that in German as well :)
> I didn't send it to the list.
> 
> 
> Best regards,
> --
> Bastian Tweddell
> Juelich Supercomputing Centre
> phone: +49 (2461) 61-6586
> 

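The doubled-suffix mistake discussed in this thread, as an added example that is not part of either message: a helper that appends the context only when it is missing, plus a check that rejects a bind DN carrying the suffix twice before it reaches `-D`. The function names, the `CONTEXT` value, the server URL and the user name are assumptions made up for the illustration.

```shell
#!/bin/sh
# Added example. CONTEXT, SERVER and the user name are constructed values.
# Comparison is plain string matching; it assumes DNs are written in one
# consistent case and without extra spaces.
CONTEXT='dc=example,dc=org'
SERVER='ldap://ldap.example.org'

# Print DN $1 qualified with suffix $2, appending it only when absent.
qualify_dn() {
    dn=$1 suffix=$2
    case "$dn" in
        "$suffix"|*,"$suffix") printf '%s\n' "$dn" ;;
        *) printf '%s,%s\n' "$dn" "$suffix" ;;
    esac
}

# Succeed only if the suffix occurs exactly once, at the end of the DN.
dn_is_sane() {
    dn=$1 suffix=$2
    case "$dn" in
        *"$suffix"*"$suffix"*) return 1 ;;   # suffix doubled
        "$suffix"|*,"$suffix") return 0 ;;
        *) return 1 ;;                       # suffix missing
    esac
}

# Print the ldappasswd command line for a user changing their own password.
# Nothing is executed; the bind DN is validated before it is used.
passwd_cmd() {
    user_dn=$(qualify_dn "uid=$1,ou=people" "$CONTEXT")
    bind_dn=$(qualify_dn "$user_dn" "$CONTEXT")   # already qualified: unchanged
    dn_is_sane "$bind_dn" "$CONTEXT" || {
        echo "refusing bind DN: $bind_dn" >&2
        return 1
    }
    printf 'ldappasswd -H %s -x -ZZ -D %s -W -S %s\n' \
        "$SERVER" "$bind_dn" "$user_dn"
}

passwd_cmd "${1:-jdoe}"
```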