
Re: ldappasswd gives error ldap_sasl_interactive_bind_s: No such attribute (16)

(Readding openldap-technical@openldap.org to the CC list)

On 08/16/12 15:32 -0700, Jeffrey Parker wrote:
The setup that I have is a bit strange, I am not using OpenLDAP to
authenticate operating system users. I am using it for other
authentication. The authentication works for usermin which I am using as an
interface to change passwords and for phpldapadmin, and for Hudson
continuous integration. That section that you mentioned in the OpenLDAP
Administrator's guide does not give any help; it just says what that means,
not any indication on what to do to fix it. As a side note, ldapwhoami does
not work because I am not authenticated through ldap to log in to the
computer. I can manually change the password in phpldapadmin, but I need
the users to be able to change their own password which was working but now
it is not working and I did not change anything since the time that it was

I cannot assist you with phpldapadmin or usermin.

If you would like users to change their own passwords with the ldappasswd
utility, then ldapwhoami is an acid test. Users must be able to
authenticate to your ldap server before they can change their passwords for
themselves. This is unrelated to how you, or your users, authenticate to
the operating system.

When password changes worked, what command (include command line
parameters) did your users use?

On Thu, Aug 16, 2012 at 2:30 PM, Dan White <dwhite@olp.net> wrote:

On 08/16/12 14:06 -0700, Jeffrey Parker wrote:

I cannot seem to find anything helpful about this issue. I had it working
before when I first set up OpenLDAP and I have not changed any settings
since then. The only thing I can seem to find is a suggestion saying to use
-x when running ldappasswd. When I use -x I get the error below

Result: Strong(er) authentication required (8)
Additional info: only authenticated users may change passwords

If binding with -x, you'll need to provide a bind dn (-D) and a password.

I am running OpenLDAP, I am not sure what version but it is somewhat new.
It is running on Turnkey Linux (Ubuntu 10.04 based) and is in a virtual

The error message is briefly discussed in the OpenLDAP Administrator's
Guide (section H.17).

Verify that you are able to bind to the server with 'ldapwhoami', with your
credentials. Once that succeeds, verify that your entry contains a
'userPassword' attribute, and that the user you are binding with has the
permissions to change it.

Dan White

Dan White
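
The checks described in the reply above, written as a shell function. This is an added example, not part of the original thread: the URI, bind DN and password-file arguments are placeholders, and the `next_step` mapping is an assumption that covers only the two errors quoted in the thread plus LDAP result codes 49 and 50.

```shell
#!/bin/sh
# Added example, not from the thread. Needs the OpenLDAP client tools.

# Map client output to the next thing to check (hypothetical helper).
next_step() {
    case "$1" in
        *ldap_sasl_interactive_bind_s*) echo "use-simple-bind" ;; # SASL bind tried: retry with -x -D <dn> -W
        *"(8)"*)  echo "supply-bind-dn" ;;     # -x without -D is an anonymous bind
        *"(49)"*) echo "check-credentials" ;;  # invalidCredentials: wrong DN or password
        *"(50)"*) echo "check-acl" ;;          # insufficientAccess: ACL denies the operation
        *)        echo "unclassified" ;;
    esac
}

# Run the checks in order and stop at the first failure.
# $1 = LDAP URI, $2 = the user's own DN, $3 = file holding the bind password.
# -y uses the complete file contents as the password, so write the file
# without a trailing newline (printf '%s' ...) and keep it mode 600.
check_self_change() {
    uri=$1
    dn=$2
    pwfile=$3

    # 1. The acid test: can this user bind to the directory at all?
    if ! out=$(ldapwhoami -x -H "$uri" -D "$dn" -y "$pwfile" 2>&1); then
        next_step "$out"
        return 1
    fi

    # 2. Does the user's own entry carry a userPassword attribute?
    #    Assumption: the ACL lets the user read it; if it does not, the
    #    attribute is omitted from the result even when it exists.
    if ! out=$(ldapsearch -x -LLL -H "$uri" -D "$dn" -y "$pwfile" \
                 -b "$dn" -s base '(objectClass=*)' userPassword 2>&1); then
        next_step "$out"
        return 1
    fi
    if ! printf '%s\n' "$out" | grep -qi '^userPassword:'; then
        echo "no-userpassword-visible"
        return 1
    fi

    # 3. Write permission can only be proven by the change itself, which
    #    this function does not attempt: ldappasswd -x -H ... -D ... -W -S
    echo "ready-for-ldappasswd"
}
```

Call it as `check_self_change ldap://ldap.example.com "uid=jdoe,ou=people,dc=example,dc=com" /path/to/pwfile`, with values for your own directory.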