Martin Schuster (IFKL IT OS DSM CD) wrote:
Doing
ldapsearch -w zak -D 'uid=schumar,[...],dc=com' -b 'dc=com' '(uid=schumar)' -x
works fine (apart from the server spewing out
ERROR [org.apache.directory.server.ldap.support.UnbindHandler] - failed to
unbind session properly
at the end)
We are aware of this error, and we still have to fix it ... (but this is not
related to your issue :)
But if the user tries to change his password using
ldappasswd -a zak -D 'uid=schumar,[...],dc=com' -x
he gets
ldap_bind: Invalid credentials (49)
and the server says
INFO [org.apache.directory.server.core.authn.SimpleAuthenticator] - Password
not correct for user 'uid=schumar,[...],dc=com'
accessControl is disabled, so if I understood correctly this isn't a problem
with ACIs, right?
ACIs are not guilty, see further.
btw, I have the same problem when trying to bind with uid=admin,ou=system with
ldappasswd.
Plain normal, the same method is applied for admin and all users.
The ldappasswd is using an extended request, described by RFC 3062. I
_think_ we support this RFC, but it may be buggy (I don't remember last
time we tested it... was far to away in the past :).
I suggest you fill a JIRA so that we check and eventually fix a
potential issue of the next release (1.5.3).
I gonna check what's going on with this request anyway, but for the
record, I would really appreciate a JIRA !
--
--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org
