Re: password-policy configuration problems: cannot change passwords

[Chris Jacobs <Chris.Jacobs@apollogrp.edu>]

If that's true, would there be anyway to change the error text? Perhaps "Password policy overlay only allows one password value in dn - more than one found". If there's a clear reason for an error, I think the added text would be valuable to an administrator.

- chris


----- Original Message -----
From: openldap-technical-bounces@OpenLDAP.org <openldap-technical-bounces@OpenLDAP.org>
To: openldap-technical@openldap.org <openldap-technical@openldap.org>
Cc: Marco Weber <marco.weber@mpulse.eu>
Sent: Fri Dec 23 00:47:34 2011
Subject: Re: password-policy configuration problems: cannot change passwords

On Thursday, 22 December 2011 12:26:38 Marco Weber wrote:
> Hello,
>
> I'm running openldap with password policy overlay. after the overlay
> installation and configuration, we cannot change the passwords anymore.
>
> Michael Ströder told that an LDAP modify request should resolve this issue,
> but it didn't help.
>
>
> [root@ldapsrv ~]# ldappasswd -e ppolicy -D cn=username,dc=domain,dc=tld -S
> -W New password:
> Re-enter new password:
> Enter LDAP Password:
> Result: Constraint violation (19)
> Additional info: Password policy only allows one password value
> control: 1.3.6.1.4.1.42.2.27.8.5.1 false MAA=
> ppolicy:

The error message, and the code that issues that error message, seems to
indicate that pppolicy doesn't allow multiple values for the userPassword
attribute to exist in an existing entry when the password is changed.

You may want to check how many values are present for userPassword on
cn=username,dc=domain,dc=tld, and if there are multiple values, remove all or
all but one.

Regards,
Buchan



This message is private and confidential. If you have received it in error, please notify the sender and remove it from your system.