
Re: Changing passwords via Open LDAP OS X 10.3 Server



OK, interesting. Since PHP cannot do a simple bind, is there any way to allow users to change their password via webmail? (I'm gathering SASL is an auth module; would it be easy to install another module alongside it?)

Also now when I issue the ldappasswd command I get the following:

mail:~ admin$ ldappasswd -x -D uid=test,dc=srcs,dc=org -W
Enter LDAP Password:
ldap_bind: Invalid credentials (49)

From reading some posts on the net, it might have something to do with my ACLs. I'm still using the defaults on the server, which are:

access to attr=userPassword
        by self write
        by group/posixGroup/memberUid="cn=admin,cn=groups,dc=srcs,dc=org" write
        by * auth
access to attr=apple-user-authenticationHint
        by self write
        by group/posixGroup/memberUid="cn=admin,cn=groups,dc=srcs,dc=org" write
        by * read
access to attr=apple-user-picture
        by self write
        by group/posixGroup/memberUid="cn=admin,cn=groups,dc=srcs,dc=org" write
        by * read
access to *
        by group/posixGroup/memberUid="cn=admin,cn=groups,dc=srcs,dc=org" write
        by * read



Thanks so much for your time!

Isaac Ordonez
Technology Support Specialist II
San Rafael City Schools
415.302.8114

On Nov 19, 2003, at 11:19 PM, Dieter Kluenter wrote:

Hi,

Isaac Ordonez <iordonez@srcs.org> writes:

Hello everyone,

I'm pretty much here on behalf of people on the Mac OS X server admin
mailing list.

We recently migrated to OS X 10.3 server for our mail server.  So far
I have found that Open LDAP is the base for directory services in this
OS. I'm not familiar with LDAP but I'm trying to take a crash course.
I'm having problems with users being able to change their passwords
via LDAP (and a SquirrelMail LDAP plugin).  I've scoured the archives
but nothing seems to quite pertain to my situation.  Here it is:

PHP is not able to handle SASL; that is, you can't do a strong bind with any PHP application.

When I try to bind as a user in LDAP Browser\Editor 2.8.2 (java program) it fails to connect. When I bind anonymously I can see all my users, etc.

If I try and run ldappasswd I get the following:

mail:~ admin$ ldappasswd -D uid=test,dc=srcs,dc=org -W
Enter LDAP Password:
SASL/CRAM-MD5 authentication started
ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
         additional info: SASL(-1): generic failure: incorrect digest response

You are trying to initialise a strong bind, thus SASL is complaining. A simple bind requires the flag -x, that is: ldappasswd -x -D uid=test,dc=srcs,dc=org -W

-Dieter

--
Dieter Kluenter  | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter(at)dkluenter.de
http://www.avci.de
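
Added example (not part of the original messages and not OpenLDAP code): a small Python model of slapd's first-match ACL evaluation, run over the ACL quoted in the message above, showing which access level each kind of requester gets on an attribute. The function names, the simplified matching (exact attr= and group= forms only) and passing group membership in from the caller are assumptions of this example.

```python
import re

# ACL as posted in the message above (slapd.conf syntax), embedded for offline use.
POSTED_ACL = """\
access to attr=userPassword
        by self write
        by group/posixGroup/memberUid="cn=admin,cn=groups,dc=srcs,dc=org" write
        by * auth
access to attr=apple-user-authenticationHint
        by self write
        by group/posixGroup/memberUid="cn=admin,cn=groups,dc=srcs,dc=org" write
        by * read
access to attr=apple-user-picture
        by self write
        by group/posixGroup/memberUid="cn=admin,cn=groups,dc=srcs,dc=org" write
        by * read
access to *
        by group/posixGroup/memberUid="cn=admin,cn=groups,dc=srcs,dc=org" write
        by * read
"""

# slapd access levels, weakest to strongest; each level implies the ones before it.
LEVELS = ("none", "auth", "compare", "search", "read", "write")

def parse_acl(text):
    """Return [(what, [(who, level), ...]), ...] in file order."""
    rules = []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("access to "):
            rules.append((line[len("access to "):], []))
        elif line.startswith("by ") and rules:
            who, level = line[3:].rsplit(None, 1)
            rules[-1][1].append((who, level))
    return rules

def access_for(rules, attr, is_self=False, groups=()):
    """First matching <what> is selected, then its first matching <who> decides."""
    for what, clauses in rules:
        if what not in ("*", f"attr={attr}"):
            continue
        for who, level in clauses:
            m = re.match(r'group(?:/[^=]*)?="(.*)"$', who)
            if who == "*" or (who == "self" and is_self) or (m and m.group(1) in groups):
                return level
        return "none"  # implicit "by * none" closes every access directive
    return "none"      # no directive matched at all

def at_least(level, needed):
    return LEVELS.index(level) >= LEVELS.index(needed)
```

An unauthenticated requester resolves to "auth" on userPassword, which is enough for the server to check a simple bind against the attribute but below "read", so the stored value is not disclosed.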