Issue #316 has been updated by Shelley Waltz.
Hi Clement, Thank you for the clarification. I also use the cracklib module in addition to the ppolicy module. Is there any software which interacts with exop to provide feedback to users and allows them to change their password? Thanks much. Shelley ---------------------------------------- Bug #316: pwdSafeModify self service password http://tools.lsc-project.org/issues/316 Author: Shelley Waltz Status: New Priority: Normal Assigned to: Clément Oudot Category: Self Service Password Target version: Hi I am implementing self service password on RHEL5 with openldap-servers-2.3.43-12.el5_6.7. I set up a default policy for testing - very simple, with only one requirement - that the user is allowed to change their own password(pwdAllowUserChangeTrue: TRUE) and that the user must supply their password in order to change it(pwdSafeModify: TRUE). If I use self service password configured to enter old password and provide and verify a new password, it fails with the following message in my log file ... May 4 09:20:14 lemur slapd[9768]: conn=18 op=2 BIND dn="cn=testuser,dc=example,dc=com" mech=SIMPLE ssf=0 May 4 09:20:14 lemur slapd[9768]: => bdb_entry_get: found entry: "cn=testuser,dc=example,dc=com" May 4 09:20:14 lemur slapd[9768]: conn=18 op=2 RESULT tag=97 err=0 text= May 4 09:20:14 lemur slapd[9768]: conn=18 op=3 MOD dn="cn=testuser,dc=example,dc=com" May 4 09:20:14 lemur slapd[9768]: conn=18 op=3 MOD attr=userPassword May 4 09:20:14 lemur slapd[9768]: => bdb_entry_get: found entry: "cn=testuser,dc=example,dc=com" May 4 09:20:14 lemur slapd[9768]: => bdb_entry_get: found entry: "cn=default,ou=policies,dc=example,dc=com" May 4 09:20:14 lemur slapd[9768]: conn=18 op=3 RESULT tag=103 err=50 text=Must supply old password to be changed as well as new one May 4 09:20:14 lemur slapd[9768]: conn=18 op=4 UNBIND May 4 09:20:16 lemur slapd[9768]: conn=18 fd=18 closed If I change pwdSafeModify to FALSE, it works fine. Does this functionality not exist with self service password - does it not pass the necessary information to openldap ppolicy, or am I missing something? thanks shwaltz -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://tools.lsc-project.org/my/account
_______________________________________________ ltb-dev mailing list [email protected] http://lists.ltb-project.org/listinfo/ltb-dev
