
Changing passwords in Active Directory



Good day,

I'm in the process of integrating a RedHat 7.2 system into our corporate
Active Directory (AD) to reduce the management of user accounts, etc.
I've followed the steps to incorporate the schema bits, have enabled
anonymous searches, verified in talking SSL to the domain controller on
port 636, and am able to login to the RedHat system and enumerate the
uids and gids. So far, so good.

Now I'm trying to get the passwd command to update the user's password in
AD. It takes the old password and new password, but returns the
following:

bash-2.05$ passwd
Enter login(LDAP) password: 
New password: 
Retype new password: 
LDAP password information update failed: Unknown error
00000005: SecErr: DSID-03190C3D, problem 4003 (INSUFF_ACCESS_RIGHTS),
data 0
 
passwd: Permission denied

I assume this might have something to do with SSL/TLS, but my experience
with OpenLDAP is limited.

Any thoughts on how to troubleshoot the password changing stuff?

Here's my /etc/ldap.conf file:

# @(#)$Id: ldap.conf,v 1.24 2001/09/20 14:12:26 lukeh Exp $

host corpdc02.corp.promisant.com corpdc01.corp.promisant.com
 
base dc=corp,dc=promisant,dc=com

ldap_version 3
port 636

pam_password ad
# RFC2307bis naming contexts
nss_base_passwd         dc=corp,dc=promisant,dc=com?sub
nss_base_shadow         dc=corp,dc=promisant,dc=com?sub
nss_base_group          dc=corp,dc=promisant,dc=com?sub
# configure --enable-mssfu-schema is no longer supported.
# For MSSFU now do:
nss_map_objectclass posixAccount User
#nss_map_objectclass shadowAccount User
nss_map_attribute uid sAMAccountName
nss_map_attribute uniqueMember Member
nss_map_attribute cn sAMAccountName
#nss_map_attribute userPassword msSFUPassword
nss_map_attribute userPassword msSFUPassword
nss_map_attribute homeDirectory msSFUHomeDirectory
nss_map_objectclass posixGroup Group
#pam_login_attribute msSFUName
pam_login_attribute sAMAccountName
pam_filter objectclass=user
 
# OpenLDAP SSL mechanism
# start_tls mechanism uses the normal LDAP port, LDAPS typically 636
ssl start_tls
ssl on


--- Gavin Adams
Promisant (USA) Inc.
O: +1.404.262.7321 M: +1.404.213.5539
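For readers following this thread: the operation that `pam_password ad` performs behind the scenes is an LDAP modify of the user's `unicodePwd` attribute, and the value has a fixed encoding (the password in double quotes, as UTF-16LE). The small script below is an added example, not part of the original message or of pam_ldap; it builds that modify for a self-service change (delete old value, add new value, which AD permits on the user's own bind) and writes it out as an LDIF that can be checked by hand against the DC with ldapmodify over ldaps. The DN and passwords in it are constructed placeholders.

```python
"""Build the unicodePwd modify that Active Directory expects when a user
changes their own password, and emit it as LDIF.

Added example code; it is not the original poster's configuration nor
pam_ldap's own implementation. The DN and passwords used are constructed.
"""
import base64
from typing import List, Tuple

# One modify operation: (operation, attribute, raw value bytes).
Mod = Tuple[str, str, bytes]


def encode_unicode_pwd(password: str) -> bytes:
    """AD only accepts a unicodePwd value that is the password wrapped in
    double quotes and encoded as UTF-16LE. Any other encoding is refused."""
    return f'"{password}"'.encode("utf-16-le")


def change_password_mods(old_password: str, new_password: str) -> List[Mod]:
    """Self-service change: a single modify carrying two operations, in this
    order. AD checks that the deleted value equals the current password, so
    the bound user needs only the 'Change Password' right on their own
    object. A single 'replace' is an administrative reset and needs the
    'Reset Password' right instead; issued on an ordinary user bind it is
    refused with INSUFF_ACCESS_RIGHTS."""
    return [
        ("delete", "unicodePwd", encode_unicode_pwd(old_password)),
        ("add", "unicodePwd", encode_unicode_pwd(new_password)),
    ]


def to_ldif(user_dn: str, mods: List[Mod]) -> str:
    """Render the modify as LDIF. Binary values use the '::' base64 form."""
    lines = [f"dn: {user_dn}", "changetype: modify"]
    for op, attr, value in mods:
        lines.append(f"{op}: {attr}")
        lines.append(f"{attr}:: {base64.b64encode(value).decode('ascii')}")
        lines.append("-")
    return "\n".join(lines) + "\n"


def decode_ldif_values(ldif: str) -> List[str]:
    """Recover the plaintext values from a rendered LDIF (for checking the
    encoding round-trips; not something to run against real passwords)."""
    out = []
    for line in ldif.splitlines():
        if line.startswith("unicodePwd:: "):
            raw = base64.b64decode(line.split(" ", 1)[1])
            out.append(raw.decode("utf-16-le").strip('"'))
    return out


if __name__ == "__main__":
    # Constructed sample DN and passwords.
    dn = "CN=someuser,CN=Users,DC=example,DC=com"
    print(to_ldif(dn, change_password_mods("OldPassw0rd", "NewPassw0rd!")), end="")
```

The LDIF can be fed to OpenLDAP's client as `ldapmodify -x -H ldaps://<dc> -D "<user dn>" -W -f change.ldif` with the user's own credentials; it must travel over an encrypted session, since a DC refuses unicodePwd writes on a plaintext connection. Comparing the DC's response to that hand-built request with what passwd reports separates an encoding or rights problem from a pam_ldap configuration problem.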