I know these questions may sound dumb, but bear with me:

1. Are you sure that the entry you are trying to modify exists in LDAP?
 Can you find it by doing an ldapsearch?

2. Are you sure the attribute that holds the password is named 'userPassword'?

This is really a simple task, which makes me think something else is
wrong. In my Perl script for changing a user's password, it's this
simple (using a different Net::LDAP function):

use Net::LDAP::Extension::SetPassword;
...
...
$mesg = $ldap->set_password(user => $ldap_user_dn,
                            newpasswd => $new_passwd);

--
Prentice




Robert Threet wrote:
> I injected the dn but now it complains - objectclass person requires
> surname.  Tried them all - they all say that.  Grr!  Just want to change
> the password without knowing the old password.
> 
> On 02/18/2011 10:40 AM, Prentice Bisbal wrote:
>> Robert,
>>
>> I have been using Net::LDAP to create accounts one at a time for about a
>> year now. Based on the error you are seeing, I suspect that you are
>> forgetting to add the correct objectClass that contains the attribute
>> you want to store the attribute in.
>>
>> Searching your code, I don't see you adding any objectClasses. You just
>> create a DN, and then add the password to the userPassword attribute.
>>
>> I don't know what schema(s) you are using, but for my OpenLDAP server, I
>> would need to add the objectClass 'top', and then the objectClass of
>> 'person', 'organizationalPerson', or 'inetOrgPerson' before I can add
>> the userPassword attribute. You can find out exactly what you need by
>> inspecting your own schema.
>>
>> Here's a sample of my code. I hope it's still readable after it gets
>> line-wrapped by our mail clients.
>>
>> $entry = Net::LDAP::Entry->new($dn,
>>                                 objectClass => ['top',
>>                                                 'posixAccount',
>>                                                 'shadowAccount',
>>                                                 'inetOrgPerson',
>>                                                 'inetLocalMailRecipient',
>>                                                 'eduPerson'
>>                                                ],
>>                                 uid => $uid,
>>                                 uidNumber => $uidnumber,
>>                                 gidNumber => $gidnumber,
>>                                 cn => $cn,
>>                                 sn => $sn,
>>                                 gecos => $gecos,
>>                                 homeDirectory => $homedir,
>>                                 loginShell => $loginshell,
>>                                 mail => $mail,
>>                                 mailHost => $mailhost,
>>                                 mailRoutingAddress => $mailroutingaddress
>>                                );
>>
>> --
>> Prentice
>>
>>
>>
>> Robert Threet wrote:
>>> I have a working Net::LDAP::Entry program for adding users so I decided
>>> to gut it to create a userPassword changer.
>>>
>>> I keep getting "Error changing password: no objectClass attribute".
>>>
>>> I cannot find examples doing simple one-at-a-time adds like this.  All I
>>> can find are examples using arrays and hashes and cannot seem to
>>> translate it to this.  Any tips?
>>>
>>> sub resetMacAcct($newuid,$pw,$newpw){
>>>     $time = localtime time;
>>>     $theirIP = $q->remote_addr();
>>>     # create mac account
>>>         $macldapsvr = "XXX.XXX.XXX.XXX";
>>>         $macADMdn = "uid=admin,cn=people,dc=lib-mac,dc=local";
>>>         $macadmpwd ="XXXXXXXX";
>>>         $macBind = Net::LDAP->new($macldapsvr,
>>>                 port => 389,
>>>                 debug => 0,
>>>                 timeout => 60,
>>>                 version => 3
>>>         ) or die "Couldn't connect to Mac LDAP server: $@";
>>>         my $conn = $macBind->bind(dn => $macADMdn,
>>>                                     password => $macadmpwd);
>>>         if ($conn->code){
>>>                 die 'Cannot bind:' . $conn->error . "\n";}
>>>
>>>         my $macEntry = Net::LDAP::Entry->new;
>>>         $newdn="uid=" . $username . ",cn=people,dc=lib-mac,dc=local";
>>>         $macEntry->dn($newdn);
>>>     # added sha1 hashing
>>>         $salt=XX;
>>>         $ctx = Digest::SHA1->new;
>>>         $ctx->add($newpw);
>>>         $ctx->add($salt);
>>>         $newMacpw = '{SSHA}' . encode_base64($ctx->digest . $salt ,'');
>>>         $macEntry->replace(userPassword => $newMacpw);
>>>         my $add = $macBind->add($macEntry);
>>>         die "Error changing password: " . $add->error()."\n" if
>>>               $add->code();
>>>     print LOG "$time;$cn;$theirIP;$username\n";
>>>         $macBind->unbind();
>>>         }
>>>
>>>
>>>
> 
> 
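
Added example (not part of any message in this thread, and not the posters' code): one way to reset userPassword on an entry that already exists, using the existence check and set_password call mentioned above, with modify/replace as the fallback instead of add. The LDAP_* environment variable names are hypothetical, /dev/urandom and StartTLS support are assumed, and {SSHA} is used only because the thread uses it.

```perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Extension::SetPassword;
use Digest::SHA qw(sha1);
use MIME::Base64 qw(encode_base64);

# {SSHA} value with a fresh random 8-byte salt per password (assumes /dev/urandom).
sub ssha {
    my ($password) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $salt, 8) == 8 or die "short read from /dev/urandom";
    close $fh;
    return '{SSHA}' . encode_base64(sha1($password . $salt) . $salt, '');
}

# Reset the password of an entry that already exists; returns the method used.
sub reset_password {
    my ($ldap, $dn, $newpw) = @_;
    # Base-scope search: the same check as running ldapsearch against the DN.
    my $found = $ldap->search(base => $dn, scope => 'base',
                              filter => '(objectClass=*)', attrs => ['1.1']);
    die "cannot find $dn: " . $found->error . "\n" if $found->code;

    # Password Modify extended operation (RFC 3062): the server does the hashing.
    my $dse = $ldap->root_dse;
    if ($dse && $dse->supported_extension('1.3.6.1.4.1.4203.1.11.1')) {
        my $mesg = $ldap->set_password(user => $dn, newpasswd => $newpw);
        die "set_password failed: " . $mesg->error . "\n" if $mesg->code;
        return 'exop';
    }

    # Otherwise modify/replace the one attribute. add() creates a new entry,
    # so the server demands objectClass and every required attribute (sn, ...).
    my $mesg = $ldap->modify($dn, replace => { userPassword => ssha($newpw) });
    die "modify failed: " . $mesg->error . "\n" if $mesg->code;
    return 'modify';
}

if ($ENV{LDAP_HOST}) {    # hypothetical variables; no server is contacted without them
    my $ldap = Net::LDAP->new($ENV{LDAP_HOST}, version => 3, timeout => 60)
        or die "connect: $@\n";
    my $tls = $ldap->start_tls(verify => 'require', cafile => $ENV{LDAP_CA_FILE});
    die "start_tls: " . $tls->error . "\n" if $tls->code;
    my $bind = $ldap->bind($ENV{LDAP_BIND_DN}, password => $ENV{LDAP_BIND_PW});
    die "bind: " . $bind->error . "\n" if $bind->code;
    print reset_password($ldap, $ENV{LDAP_USER_DN}, $ENV{LDAP_NEW_PW}), "\n";
    $ldap->unbind;
} else { print ssha('constructed-sample-password'), "\n"; }   # offline demo
```

StartTLS is issued before the bind so that neither the admin credentials nor the new password cross port 389 in cleartext.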

