your SSL cert or your DNS is bad. TLS requires full forward and revers lookup of the C name for the host to match one of the host names in the SSL cert. On Wed, Jan 22, 2014 at 3:08 PM, Chaudhari, Rohit K. <Rohit.Chaudhari@xxxxxxxxxx> wrote: > I'm not using kerberos. The other suggestion about using ldappasswd led > to the error: > > ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1) > Additional info: TLS: hostname does not match CN in peer certificate > > Is there a way to create a JNDI equivalent command so that I could add a > checkbox to a Java GUI that basically toggles the "force password change > after reset" checkbox built into the password policy in 389? > > On 1/22/14 10:49 AM, "Paul Robert Marino" <prmarino1@xxxxxxxxx> wrote: > >>sorry thats not possible. >>If you are using Kerberos then you can do it via the kadmin command. >>If not then you have to use one of several other tools like the admin >>console or ldapmodify for example. >> >> >>On Wed, Jan 22, 2014 at 9:06 AM, Chaudhari, Rohit K. >><Rohit.Chaudhari@xxxxxxxxxx> wrote: >>> Hello, >>> >>> I need to be able to reset a LDAP user's password if they forget it >>>with the >>> user root. But when I try the "passwd" command as root for a LDAP >>>user, I >>> get the following: >>> >>> (as root) >>> passwd tuser >>> Changing password for user tuser. >>> Password reset by root is not supported. >>> passwd: Authentication token manipulation error. >>> >>> I am using sssd as the LDAP authentication mechanism tool, to be >>>specific. >>> Does anyone have a solution to dealing with this issue of resetting a >>>LDAP >>> user's password if they forgot it? >>> >>> Thanks, >>> >>> Rohit >>> >>> From: <Chaudhari>, "Rohit K. Chaudhari" <rohit.chaudhari@xxxxxxxxxx> >>> Date: Tuesday, January 21, 2014 3:29 PM >>> To: "General discussion list for the 389 Directory server project." >>> <389-users@xxxxxxxxxxxxxxxxxxxxxxx> >>> Subject: using passwd with 389 >>> >>> Hello, >>> >>> I want to be able to use the Unix "passwd" command to reset a LDAP >>>user's >>> password from the command line. However, I keep getting an >>>authentication >>> token manipulation error whenever I try to reset the password using that >>> command. What do I need to do in the 389 DS or on Unix in order to get >>>this >>> command to work? >>> >>> Thanks, >>> >>> Rohit >>> >>> -- >>> 389 users mailing list >>> 389-users@xxxxxxxxxxxxxxxxxxxxxxx >>> https://admin.fedoraproject.org/mailman/listinfo/389-users >>-- >>389 users mailing list >>389-users@xxxxxxxxxxxxxxxxxxxxxxx >>https://admin.fedoraproject.org/mailman/listinfo/389-users > > -- > 389 users mailing list > 389-users@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/389-users -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
