Issue #316 has been updated by Clément Oudot.

Category set to Self Service Password
Assigned to set to Clément Oudot

Hi Shelley,

if you use pwdSafeModify, you must use the LDAP extended operation "password modify" to change the password. This extended operation is not shipped with PHP LDAP so we can't use it in Self Service Password.

----------------------------------------
Bug #316: pwdSafeModify self service password
http://tools.lsc-project.org/issues/316

Author: Shelley Waltz
Status: New
Priority: Normal
Assigned to: Clément Oudot
Category: Self Service Password
Target version:

Hi,

I am implementing self service password on RHEL5 with openldap-servers-2.3.43-12.el5_6.7. I set up a default policy for testing - very simple, with only one requirement - that the user is allowed to change their own password (pwdAllowUserChangeTrue: TRUE) and that the user must supply their password in order to change it (pwdSafeModify: TRUE).

If I use self service password configured to enter old password and provide and verify a new password, it fails with the following message in my log file ...

May 4 09:20:14 lemur slapd[9768]: conn=18 op=2 BIND dn="cn=testuser,dc=example,dc=com" mech=SIMPLE ssf=0
May 4 09:20:14 lemur slapd[9768]: => bdb_entry_get: found entry: "cn=testuser,dc=example,dc=com"
May 4 09:20:14 lemur slapd[9768]: conn=18 op=2 RESULT tag=97 err=0 text=
May 4 09:20:14 lemur slapd[9768]: conn=18 op=3 MOD dn="cn=testuser,dc=example,dc=com"
May 4 09:20:14 lemur slapd[9768]: conn=18 op=3 MOD attr=userPassword
May 4 09:20:14 lemur slapd[9768]: => bdb_entry_get: found entry: "cn=testuser,dc=example,dc=com"
May 4 09:20:14 lemur slapd[9768]: => bdb_entry_get: found entry: "cn=default,ou=policies,dc=example,dc=com"
May 4 09:20:14 lemur slapd[9768]: conn=18 op=3 RESULT tag=103 err=50 text=Must supply old password to be changed as well as new one
May 4 09:20:14 lemur slapd[9768]: conn=18 op=4 UNBIND
May 4 09:20:16 lemur slapd[9768]: conn=18 fd=18 closed

If I change pwdSafeModify to FALSE, it works fine.

Does this functionality not exist with self service password - does it not pass the necessary information to openldap ppolicy, or am I missing something?

thanks
shwaltz
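
The "password modify" extended operation named in the reply is defined in RFC 3062; its request value has an optional oldPasswd field, which is where the old password asked for in the err=50 log line travels. The following is an added example, not part of the original thread or of Self Service Password: it encodes and decodes that request value offline, and all function names and the sample passwords are illustrative assumptions.

```python
# Added example: BER encoding of the RFC 3062 PasswdModifyRequestValue.
PASSWD_MODIFY_OID = "1.3.6.1.4.1.4203.1.11.1"  # extended request name (RFC 3062)
TAGS = {"userIdentity": 0x80, "oldPasswd": 0x81, "newPasswd": 0x82}  # [0], [1], [2]

def ber_len(n):
    """BER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw

def tlv(tag, value):
    return bytes([tag]) + ber_len(len(value)) + value

def encode_request(user_dn=None, old=None, new=None):
    """Build the SEQUENCE sent as the extended request value."""
    fields = (("userIdentity", user_dn), ("oldPasswd", old), ("newPasswd", new))
    body = b"".join(tlv(TAGS[k], v.encode()) for k, v in fields if v is not None)
    return tlv(0x30, body)

def read_len(buf, pos):
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    n = first & 0x7F
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def decode_request(buf):
    """Parse a request value back into {field name: bytes}."""
    if buf[:1] != b"\x30":
        raise ValueError("not a SEQUENCE")
    seq_len, pos = read_len(buf, 1)
    if pos + seq_len != len(buf):
        raise ValueError("length mismatch")
    names = {tag: name for name, tag in TAGS.items()}
    out = {}
    while pos < len(buf):
        tag = buf[pos]
        length, pos = read_len(buf, pos + 1)
        if tag not in names or pos + length > len(buf):
            raise ValueError("unexpected or truncated field")
        out[names[tag]] = buf[pos:pos + length]
        pos += length
    return out

def carries_old_password(buf):
    """True when the request includes oldPasswd (the old password slapd asked for)."""
    return "oldPasswd" in decode_request(buf)
```

A plain MOD that only replaces userPassword, as in the log above, has no equivalent of the oldPasswd field.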
