Re: Reset Password as Root if User Forgets Password

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I'm not using kerberos.  The other suggestion about using ldappasswd led
to the error:

ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
Additional info: TLS: hostname does not match CN in peer certificate

Is there a way to create a JNDI equivalent command so that I could add a
checkbox to a Java GUI that basically toggles the "force password change
after reset" checkbox built into the password policy in 389?

On 1/22/14 10:49 AM, "Paul Robert Marino" <prmarino1@xxxxxxxxx> wrote:

>sorry thats not possible.
>If you are using Kerberos then you can do it via the kadmin command.
>If not then you have to use one of several other tools like the admin
>console or ldapmodify for example.
>
>
>On Wed, Jan 22, 2014 at 9:06 AM, Chaudhari, Rohit K.
><Rohit.Chaudhari@xxxxxxxxxx> wrote:
>> Hello,
>>
>> I need to be able to reset a LDAP user's password if they forget it
>>with the
>> user root.  But when I try the "passwd" command as root for a LDAP
>>user,  I
>> get the following:
>>
>> (as root)
>> passwd tuser
>> Changing password for user tuser.
>> Password reset by root is not supported.
>> passwd: Authentication token manipulation error.
>>
>> I am using sssd as the LDAP authentication mechanism tool, to be
>>specific.
>> Does anyone have a solution to dealing with this issue of resetting a
>>LDAP
>> user's password if they forgot it?
>>
>> Thanks,
>>
>> Rohit
>>
>> From: <Chaudhari>, "Rohit K. Chaudhari" <rohit.chaudhari@xxxxxxxxxx>
>> Date: Tuesday, January 21, 2014 3:29 PM
>> To: "General discussion list for the 389 Directory server project."
>> <389-users@xxxxxxxxxxxxxxxxxxxxxxx>
>> Subject: using passwd with 389
>>
>> Hello,
>>
>> I want to be able to use the Unix "passwd" command to reset a LDAP
>>user's
>> password from the command line.  However, I keep getting an
>>authentication
>> token manipulation error whenever I try to reset the password using that
>> command.  What do I need to do in the 389 DS or on Unix in order to get
>>this
>> command to work?
>>
>> Thanks,
>>
>> Rohit
>>
>> --
>> 389 users mailing list
>> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>--
>389 users mailing list
>389-users@xxxxxxxxxxxxxxxxxxxxxxx
>https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux