The user password type is Open Directory. I had explored the passwd
command, and using ssh, which does work. The problem I have with
this implementation is that I actually need to be able to use a
script to change the password, and I can't see any way to feed in
the "yes" needed to accept the RSA fingerprint given to me from ssh.
Recompiling ssh without the prompt is also not an option. This also
complicates things by making it a requirement that each user has SSH
on their account, or that I store an account's (with SSH access)
information in my script somewhere. Any other thoughts?

matt

On Feb 20, 2007, at 11:09 AM, Matt Richard wrote:

> At 10:49 AM -0600 2/20/07, Matthew Jones wrote:
>> I have been trying to change users' passwords in our OpenLDAP
>> system running on Mac OS X Tiger Server using the ldappasswd
>> utility from the command line on a system remote to the server.
>> For example I enter the command: "ldappasswd -x -h 192.168.1.253
>> -D "uid=diradmin,cn=users,dc=BOD,dc=local" -s test -W
>> uid=test,cn=users,dc=BOD,dc=local" where 192.168.1.253 is the
>> address of the remote server, diradmin is an administrator of the
>> OpenLDAP server, and test is the user that I want to change the
>> password of. After I enter diradmin's password, this command
>> returns "Result: Success (0)", but the user's password is actually
>> unchanged on the server. I have also tried configuring the access
>> in the slapd.conf file, adding the line "access to * by * write"
>> to make sure that permissions are not an issue. I still get the
>> same result, however. Any ideas on why the password does not get
>> changed?
>
> Hi, Matthew,
>
> For the user in question, what is the User Password Type?
>
> If it is Crypt, then the utilities should work.
>
> But it is probably "Open Directory". In this case the password for
> this account is stored outside the LDAP database, in OD's Password
> Server database. The OpenLDAP utilities will not work for changing
> passwords.
>
> If you are on an OD server you can use the 'passwd' command at the
> CLI. You could also SSH into the remote OD server and then run the
> command.
>
> -Matt
> --
> Matt Richard
> Access and Security Coordinator
> Computing Services
> Franklin & Marshall College
> email@hidden
> (717) 291-4157

Matt Jones - Engineer - BrighTech, Inc. - 612*317*0737 - email@hidden
---------------------------------------------------------------------------------------------
Electronic Privacy Notice
The present e-mail, and all of its attachments, contains information
that is covered by the US and/or international electronic
communications privacy laws, and is confidential and proprietary in
nature. If you are not the intended recipient, please be advised
that you are legally prohibited from keeping, using, duplicating,
distributing, or otherwise disclosing any of this information in any
form. Instead, please notify the sender that you have received this
message in error, and then immediately delete it.
Thank you in advance for your cooperation,
BrighTech, Inc.
=============================================================================================
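
Added example, not part of the original messages: one way to script an ssh call so that the host-key prompt never appears while the server's key is still verified, by pinning the key in a dedicated known_hosts file and running ssh in batch mode. The account name "pwadmin" and the pinned-file path are hypothetical, and the example covers only the host-key prompt, not the remote password-change command itself.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions: the pinned known_hosts
# path and the account name "pwadmin" are hypothetical; the server's public
# host key was copied into the pinned file out of band beforehand.

# host_is_pinned HOST FILE: succeed only if FILE has a plain (unhashed,
# non-wildcard) known_hosts entry naming HOST.
host_is_pinned() {
    [ -r "$2" ] || return 1
    awk -v h="$1" '
        /^#/ || NF == 0 { next }        # comments and blank lines
        $1 ~ /^@/       { next }        # @revoked and @cert-authority markers
        { n = split($1, names, ",")
          for (i = 1; i <= n; i++)
              if ((names[i] "") == (h "")) found = 1 }   # force string compare
        END { exit (found ? 0 : 1) }' "$2"
}

# run_remote HOST USER FILE CMD...: run CMD on HOST without any prompt.
# Fails closed (status 2) if no key is pinned for HOST.
run_remote() {
    host=$1; user=$2; kh=$3; shift 3
    host_is_pinned "$host" "$kh" || {
        echo "refusing: no pinned host key for $host in $kh" >&2
        return 2
    }
    # BatchMode=yes: never prompt, so key-based login is required.
    # StrictHostKeyChecking=yes: unknown or changed host keys are rejected
    # instead of being offered for acceptance.
    set -- ssh -o BatchMode=yes -o StrictHostKeyChecking=yes \
        -o "UserKnownHostsFile=$kh" -l "$user" "$host" "$@"
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Constructed demo, dry run only (no network). The key blob is a placeholder.
DRY_RUN=1
demo_kh=$(mktemp)
printf '%s\n' '192.168.1.253 ssh-rsa AAAA_CONSTRUCTED_PLACEHOLDER' > "$demo_kh"
run_remote 192.168.1.253 pwadmin "$demo_kh" hostname
rm -f "$demo_kh"
```

With DRY_RUN unset the same call executes ssh; if the server's key ever differs from the pinned one, ssh exits with an error rather than asking the script to accept it.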