Keeping replies on openldap-technical@openldap.org is recommended, since it gives you more eyes for your problem.
On Thu, Aug 16, 2012 at 2:30 PM, Dan White <dwhite@olp.net> wrote:

On 08/16/12 14:06 -0700, Jeffrey Parker wrote:

I cannot seem to find anything helpful about this issue. I had it working before when I first set up OpenLDAP and I have not changed any settings since then. The only thing I can seem to find is a suggestion saying to use -x when running ldappasswd. When I use -x I get the error below

Result: Strong(er) authentication required (8)
Additional info: only authenticated users may change passwords

If binding with -x, you'll need to provide a bind dn (-D) and a password.

I am running OpenLDAP, I am not sure what version but it is somewhat new.

The error message is briefly discussed in the OpenLDAP Administrator's Guide (section H.17). Verify that you are able to bind to the server with 'ldapwhoami', with your credentials. Once that succeeds, verify that your entry contains a 'userPassword' attribute, and that the user you are binding with has the permissions to change it.

On Aug 17, 2012 9:08 AM, "Dan White" <dwhite@olp.net> wrote:

On 08/16/12 15:32 -0700, Jeffrey Parker wrote:

The setup that I have is a bit strange, I am not using OpenLDAP to authenticate operating system users. I am using it for other authentication. The authentication works for usermin which I am using as an interface to change passwords and for phpldapadmin, and for Hudson continuous integration. That section that you mentioned in the OpenLDAP Administrator's Guide does not give any help; it just says what that means, not any indication on what to do to fix it. As a side note ldapwhoami does not work because I am not authenticated through ldap to login to the computer. I can manually change the password in phpldapadmin, but I need the users to be able to change their own password which was working but now it is not working and I did not change anything since the time that it was working.

I cannot assist you with phpldapadmin or usermin. If you would like users to change their own passwords with the ldappasswd utility, then ldapwhoami is an acid test. Users must be able to authenticate to your ldap server before they can change their passwords for themselves. This is unrelated to how you, or your users, authenticate to the operating system.

When password changes worked, what command (include command line parameters) did your users use?

On 08/17/12 09:46 -0700, Jeffrey Parker wrote:
Usermin runs ldappasswd. The command-line options when it worked are the same as I tried before, just ldappasswd. Users can authenticate without any issue.

Common ldappasswd examples include:

for simple binds:

    ldappasswd -x -D "uid=jsmith,dc=example,dc=net" -W -s "new_password"

for sasl binds:

    ldappasswd -Y digest-md5 -U jsmith -s "new_password"

What are the contents of the following files, if they exist?

    /etc/ldap/ldap.conf (or your system's equivalent)
    $HOME/ldaprc
    $HOME/.ldaprc
    ./ldaprc

Consult the manpages for ldap.conf and ldappasswd.

--
Dan White
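
Added example, not part of the original thread or of OpenLDAP: a shell function that walks the four client configuration files listed above and prints only the options that decide where and how a bare `ldappasswd` binds. The function name `ldap_client_defaults` is hypothetical, the default system path is the one from the message, and the "user-only" marking follows ldap.conf(5), which says such options are ignored in the system-wide file.

```shell
#!/bin/sh
# Usage: ldap_client_defaults [path-to-system-wide-ldap.conf]
# Prints "file: OPTION=value" for every bind-related default found, in the
# order the files are listed in the message above.
ldap_client_defaults() {
    sys_conf="${1:-/etc/ldap/ldap.conf}"
    for f in "$sys_conf" "$HOME/ldaprc" "$HOME/.ldaprc" "./ldaprc"; do
        [ -r "$f" ] || continue
        if [ "$f" = "$sys_conf" ]; then is_sys=1; else is_sys=0; fi
        awk -v file="$f" -v is_sys="$is_sys" '
            /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
            {
                key = toupper($1)              # option names are case-insensitive
                val = $0
                sub(/^[ \t]*[^ \t]+[ \t]*/, "", val)   # drop the option name
            }
            # Where the client connects and which base it searches.
            key ~ /^(URI|HOST|BASE)$/ {
                printf "%s: %s=%s\n", file, key, val
            }
            # Who the client binds as, and with which SASL mechanism.
            key ~ /^(BINDDN|SASL_MECH|SASL_REALM|SASL_AUTHCID|SASL_AUTHZID)$/ {
                note = is_sys ? " (user-only option, ignored in system-wide file)" : ""
                printf "%s: %s=%s%s\n", file, key, val, note
            }' "$f"
    done
    return 0
}
```

If this prints no BINDDN or SASL_* line from a per-user file, a plain `ldappasswd` with no options has no configured identity to bind with, which is the situation `ldapwhoami` would also expose.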