Re: Reset Password as Root if User Forgets Password

On 01/22/2014 12:31 PM, Chaudhari, Rohit K. wrote:
> Before I explore this further, when using "ldappasswd," will it still
> prompt me for the current password before I can type in a new password to
> replace it?

You need to be bound to the LDAP server as a user who has permission to
change the password.  If you are changing your own password, you need to
supply your existing password to complete this bind operation.  If you
are an admin resetting a password for a different user, you will need to
supply the admin user password to complete the bind, but you will not
need to supply the user's existing password.

The ldappasswd command requires that the connection is protected with
SSL/TLS or a SASL mechanism that provides confidentiality.  You will
need to resolve your TLS problem.

> 
> 
> On 1/22/14 3:26 PM, "Paul Robert Marino" <prmarino1@xxxxxxxxx> wrote:
> 
>> Your SSL cert or your DNS is bad. TLS requires full forward and reverse
>> lookup of the C name for the host to match one of the host names in
>> the SSL cert.
>>
>>
>>
>> On Wed, Jan 22, 2014 at 3:08 PM, Chaudhari, Rohit K.
>> <Rohit.Chaudhari@xxxxxxxxxx> wrote:
>>> I'm not using kerberos.  The other suggestion about using ldappasswd led
>>> to the error:
>>>
>>> ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
>>> Additional info: TLS: hostname does not match CN in peer certificate
>>>
>>> Is there a way to create a JNDI equivalent command so that I could add a
>>> checkbox to a Java GUI that basically toggles the "force password change
>>> after reset" checkbox built into the password policy in 389?
>>>
>>> On 1/22/14 10:49 AM, "Paul Robert Marino" <prmarino1@xxxxxxxxx> wrote:
>>>
>>>> Sorry, that's not possible.
>>>> If you are using Kerberos then you can do it via the kadmin command.
>>>> If not then you have to use one of several other tools like the admin
>>>> console or ldapmodify for example.
>>>>
>>>>
>>>> On Wed, Jan 22, 2014 at 9:06 AM, Chaudhari, Rohit K.
>>>> <Rohit.Chaudhari@xxxxxxxxxx> wrote:
>>>>> Hello,
>>>>>
>>>>> I need to be able to reset a LDAP user's password if they forget it
>>>>> with the user root.  But when I try the "passwd" command as root for
>>>>> a LDAP user, I get the following:
>>>>>
>>>>> (as root)
>>>>> passwd tuser
>>>>> Changing password for user tuser.
>>>>> Password reset by root is not supported.
>>>>> passwd: Authentication token manipulation error.
>>>>>
>>>>> I am using sssd as the LDAP authentication mechanism tool, to be
>>>>> specific.  Does anyone have a solution to dealing with this issue of
>>>>> resetting a LDAP user's password if they forgot it?
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Rohit
>>>>>
>>>>> From: <Chaudhari>, "Rohit K. Chaudhari" <rohit.chaudhari@xxxxxxxxxx>
>>>>> Date: Tuesday, January 21, 2014 3:29 PM
>>>>> To: "General discussion list for the 389 Directory server project."
>>>>> <389-users@xxxxxxxxxxxxxxxxxxxxxxx>
>>>>> Subject: using passwd with 389
>>>>>
>>>>> Hello,
>>>>>
>>>>> I want to be able to use the Unix "passwd" command to reset a LDAP
>>>>> user's password from the command line.  However, I keep getting an
>>>>> authentication token manipulation error whenever I try to reset the
>>>>> password using that command.  What do I need to do in the 389 DS or
>>>>> on Unix in order to get this command to work?
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Rohit
>>>>>
>>>>> --
>>>>> 389 users mailing list
>>>>> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
>>>>> https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
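
The admin-bind reset described in the reply above, as an added example that is not part of the original thread or the 389 project's own code. It refuses to run `ldappasswd` unless the host name being connected to is one of the names in the server certificate, which is the condition behind the "hostname does not match CN" error quoted in the thread. The host name, the DNs (`cn=Directory Manager` is assumed as the admin DN) and the certificate names are constructed placeholders; the certificate names are assumed to be read by the operator from the certificate, for example with `openssl x509 -noout -text`.

```shell
#!/bin/sh
# Added example. Host, DNs and certificate names used with it are constructed.

# Return 0 if host $1 equals one of the certificate names that follow it.
# A leading "*." matches exactly one left-most label; comparison ignores case.
cert_name_matches() {
    want=$(printf '%s' "$1" | tr 'A-Z' 'a-z'); shift
    for name in "$@"; do
        name=$(printf '%s' "$name" | tr 'A-Z' 'a-z')
        case "$name" in
            '*.'*)
                suffix=${name#\*}        # "*.example.com" -> ".example.com"
                label=${want%%.*}        # left-most label of the host
                if [ -n "$label" ] && [ "${want#"$label"}" = "$suffix" ]; then
                    return 0
                fi ;;
            *)
                if [ "$want" = "$name" ]; then return 0; fi ;;
        esac
    done
    return 1
}

# Usage: reset_user_password HOST ADMIN_DN USER_DN CERT_NAME...
# Example (constructed values):
#   reset_user_password ldap.example.com "cn=Directory Manager" \
#       "uid=tuser,ou=People,dc=example,dc=com" ldap.example.com
reset_user_password() {
    host=$1; admin_dn=$2; user_dn=$3; shift 3
    if ! cert_name_matches "$host" "$@"; then
        echo "refusing: '$host' is not a name in the server certificate" >&2
        return 2
    fi
    # -ZZ      require StartTLS, so the new password is never sent in clear
    # -x -D -W simple bind as the admin, prompting for the admin password
    # -S       prompt for the user's new password; the old one is not needed
    ldappasswd -H "ldap://$host" -ZZ -x -D "$admin_dn" -W -S "$user_dn"
}

# Run only when called with arguments; sourcing the file just defines functions.
if [ "$#" -ge 4 ]; then reset_user_password "$@"; fi
```

Connecting by short name or IP address while the certificate carries only the fully qualified name is rejected here before any bind is attempted.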




