
RE: Problem changing passwords after import



Once I change the user's password I can successfully do an ldapwhoami, so
I would assume that I am binding at that point.  I guess I am looking for
how to proceed with users that have not had their passwords changed as
the manager.  Is there a different way that I should have imported them?
Thanks

-----Original Message-----
From: Howard Chu [mailto:hyc@symas.com] 
Sent: Monday, August 13, 2007 9:28 PM
To: Rick Tautin
Cc: Pierangelo Masarati; openldap-software@openldap.org
Subject: Re: Problem changing passwords after import

Rick Tautin wrote:
> The directory is the only place that there is user information.  I took
> all the entries out of the old password file and the only thing that is
> in there are the local accounts.  So if it is not getting its
> credentials from the directory I don't know where it would be getting it
> from.  Also when I stop the server I am unable to check mail or ftp to
> our servers.

You're missing the crucial point that Unix services can authenticate users
against an LDAP database without performing an LDAP Bind operation on that
user. I.e., with sufficient privileges nss_ldap can just retrieve a user's
userPassword attribute and authenticate against it when it is stored in
crypt(3) format, even if slapd doesn't itself support crypt (or the same
version of crypt).
> 
> -----Original Message-----
> From: openldap-software-bounces+rtautin=coppolaenterprises.net@OpenLDAP.org
> [mailto:openldap-software-bounces+rtautin=coppolaenterprises.net@OpenLDAP.org]
> On Behalf Of Pierangelo Masarati
> Sent: Monday, August 13, 2007 4:01 PM
> To: Rick Tautin
> Cc: openldap-software@openldap.org
> Subject: Re: Problem changing passwords after import
> 
> Rick Tautin wrote:
>> That is where all the usernames and passwords are, in openldap, and
>> I am trying to use the ldappasswd command to change it.  If, when I
>> compiled openldap, enable-crypt was disabled, would I even be able
>> to login to other servers that are authenticating back to openldap?
> 
> How can you tell the other services bind to OpenLDAP if even ldapwhoami
> can't?  I guess binding to OpenLDAP fails, and services fall back to
> file based data.  Please carefully check the logs of your server before
> proceeding any further.  It seems clear, from the little info you
> posted, that basic authentication (LDAP simple bind) is not working with
> the credentials you stored in your directory.
> 


-- 
   -- Howard Chu
   Chief Architect, Symas Corp.  http://www.symas.com
   Director, Highland Sun        http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP     http://www.openldap.org/project/
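As an added example (not code from this thread or from OpenLDAP itself), here is a small Python audit script for the situation described above: it reads an LDIF export such as slapcat produces, classifies each userPassword value by its scheme prefix, verifies {SSHA}, {SHA} and cleartext values locally (the way a client that has already read the attribute could, which is Howard's point about nss_ldap), and flags {CRYPT} values as ones whose verification depends on the crypt(3) the server was built with, so a simple bind against them needs slapd compiled with --enable-crypt. The DNs, the sample entries and the {CRYPT} string are constructed placeholders, and the names make_ssha, verify_locally, parse_ldif and audit are my own.

```python
import base64
import hashlib

SSHA_DIGEST_LEN = 20  # SHA-1 digest length; in {SSHA} the salt follows the digest


def make_ssha(password: str, salt: bytes) -> str:
    """Build an RFC 2307 style {SSHA} value: base64(sha1(password + salt) + salt)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def password_scheme(value: str) -> str:
    """Return the scheme prefix ('SSHA', 'CRYPT', ...) or 'cleartext' if there is none."""
    if value.startswith("{") and "}" in value:
        return value[1:value.index("}")].upper()
    return "cleartext"


def verify_locally(value: str, candidate: str):
    """Check candidate against a userPassword value without any LDAP Bind.

    Returns True/False for schemes computable here; None for {CRYPT}, whose
    result depends on the crypt(3) implementation of the host doing the check
    (slapd only if it was built with --enable-crypt), and for unknown schemes.
    """
    scheme = password_scheme(value)
    if scheme == "cleartext":
        return value == candidate
    payload = value[value.index("}") + 1:]
    if scheme == "SSHA":
        raw = base64.b64decode(payload)
        digest, salt = raw[:SSHA_DIGEST_LEN], raw[SSHA_DIGEST_LEN:]
        return hashlib.sha1(candidate.encode() + salt).digest() == digest
    if scheme == "SHA":
        return hashlib.sha1(candidate.encode()).digest() == base64.b64decode(payload)
    return None  # {CRYPT} or a scheme this example does not handle


def parse_ldif(text: str):
    """Minimal LDIF reader: unfolds continuation lines and decodes '::' base64 values."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]  # folded continuation line
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:  # sentinel flushes the last entry
        if not line:
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        name, _, rest = line.partition(":")
        if rest.startswith(":"):
            value = base64.b64decode(rest[1:].strip()).decode()
        else:
            value = rest.strip()
        current.setdefault(name, []).append(value)
    return entries


def audit(ldif_text: str, candidates: dict) -> dict:
    """Map each DN to 'SCHEME: ok', 'SCHEME: mismatch', or an explanation of why
    the value cannot be verified here (the imported-{CRYPT} case from the thread)."""
    report = {}
    for entry in parse_ldif(ldif_text):
        dn = entry["dn"][0]
        values = entry.get("userPassword")
        if not values:
            report[dn] = "no userPassword"
            continue
        scheme = password_scheme(values[0])
        result = verify_locally(values[0], candidates.get(dn, ""))
        if result is None and scheme == "CRYPT":
            report[dn] = "CRYPT: cannot verify locally; simple bind needs slapd built with --enable-crypt"
        elif result is None:
            report[dn] = f"{scheme}: unsupported scheme in this example"
        else:
            report[dn] = f"{scheme}: {'ok' if result else 'mismatch'}"
    return report


def _ldif_entry(dn: str, userpassword: str) -> str:
    # LDIF tools write userPassword base64-encoded with '::'; mimic that here.
    encoded = base64.b64encode(userpassword.encode()).decode()
    return f"dn: {dn}\nobjectClass: inetOrgPerson\nuserPassword:: {encoded}\n"


# Constructed sample export: one {SSHA} entry, one imported {CRYPT} entry
# (placeholder hash, not a real crypt(3) output), one cleartext entry.
SAMPLE_LDIF = "\n".join([
    _ldif_entry("uid=alice,ou=people,dc=example,dc=com", make_ssha("alice-pw", b"saltsalt")),
    _ldif_entry("uid=bob,ou=people,dc=example,dc=com", "{CRYPT}$1$saltsalt$PLACEHOLDER_NOT_A_REAL_HASH"),
    _ldif_entry("uid=carol,ou=people,dc=example,dc=com", "carol-pw"),
])

if __name__ == "__main__":
    known = {
        "uid=alice,ou=people,dc=example,dc=com": "alice-pw",
        "uid=carol,ou=people,dc=example,dc=com": "carol-pw",
    }
    for dn, status in audit(SAMPLE_LDIF, known).items():
        print(f"{dn}: {status}")
```

Run against a real slapcat dump, the report separates entries slapd can verify on its own ({SSHA}, which is what ldappasswd writes by default) from imported {CRYPT} entries, which is one way to see why ldapwhoami starts working only after a password has been changed.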