On 11/01/2014 10:16, Alan Osborne wrote:
> Hi,
> I'm hitting a wall trying to troubleshoot an issue with LTB self
> service password...
>
> Here's an excerpt from the apache2 error log (debug mode enabled):
>
> [Sat Jan 11 00:52:48 2014] [error] [client 192.168.x.x] PHP Warning:
> ldap_mod_replace(): Modify: Server is unwilling to perform in
> /usr/share/self-service-password/lib/functions.inc.php on line 275,
> referer: https://ltb_ssp_ip/self-service/
> [Sat Jan 11 00:52:48 2014] [error] [client 192.168.x.x] LDAP - Modify
> password error 53 (Server is unwilling to perform), referer:
> https://ltb_ssp_ip/self-service/
>
> I've tested using LDAP Admin (http://www.ldapadmin.org/) and I can
> change the same account password that failed with LTB SSP. I'm
> connecting to the same AD DC too and I don't need to use a secure
> connection (LDAPS), just unencrypted LDAP on port 389.
>
> Here are the relevant entries in my config.inc.php file:
>
> $ldap_url = "ldap://ip_address_of_ad_dc";
> $ldap_binddn = "cn=ldapuser,cn=Users,dc=domain,dc=ext";
> $ldap_bindpw = "ldapuserpasswd";
> $ldap_base = "dc=domain,dc=ext";
> $ldap_login_attribute = "uid";
> $ldap_fullname_attribute = "cn";
> $ldap_filter =
> "(&(objectClass=user)(sAMAccountName={login})(!(userAccountControl:1.2.840.113556.1.4.803:=2)))";
> $ad_mode = true;
> $ad_options['force_unlock'] = true;
> $ad_options['force_pwd_change'] = true;
> $samba_mode = false;
> $who_change_password = "manager";
>
> All other settings are default.
> Any ideas?
> Thanks!

Hi,
Are you sure that ldapadmin does not use TLS when connecting on port 389?
Because I believe that having an encrypted connection is required in
order to change a password in AD
(it works on ldaps, I don't know for sure for TLS, but I would not be
surprised if it does too).
Regards,
--
Yann Cézard - infrastructure - server systems administrator
Centre de ressources informatiques - http://cri.univ-pau.fr
Université de Pau et des pays de l'Adour - http://www.univ-pau.fr
d'Alembert building (formerly IFR), rue Jules Ferry, 64000 Pau
Telephone: +33 (0)5 59 40 77 94
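
The transport check the reply above points to, as an added example that is not part of the thread or of LTB SSP: it reads settings like the ones posted and reports every LDAP URI on which an AD password modify would travel without TLS. `$ldap_starttls` is LTB SSP's StartTLS switch, which is not in the posted excerpt, so its value here is an assumption; the function names are hypothetical.

```python
import re
from urllib.parse import urlparse

# Constructed sample: transport-related settings from the post. $ldap_starttls
# is not in the posted excerpt; "false" is an assumption about its value.
SAMPLE_CONFIG = '''
$ldap_url = "ldap://ip_address_of_ad_dc";
$ldap_starttls = false;
$ad_mode = true;
'''

_SETTING = re.compile(
    r'^\s*\$(\w+)\s*=\s*(?:"([^"]*)"|(true|false))\s*;', re.M | re.I)


def parse_settings(text):
    """Pull simple string and boolean assignments out of config.inc.php text."""
    settings = {}
    for name, string_value, bool_value in _SETTING.findall(text):
        settings[name] = (bool_value.lower() == "true") if bool_value else string_value
    return settings


def transport_problems(settings):
    """List the URIs on which AD would receive a password change without TLS."""
    if not settings.get("ad_mode", False):
        return []  # the encrypted-channel requirement discussed here is AD's
    starttls = settings.get("ldap_starttls", False)
    problems = []
    for uri in settings.get("ldap_url", "").split():
        scheme = urlparse(uri).scheme.lower()
        if scheme == "ldaps" or (scheme == "ldap" and starttls):
            continue  # TLS from the start, or upgraded with StartTLS
        problems.append(f"{uri}: no TLS, expect error 53 on password modify")
    return problems


def encode_unicode_pwd(password):
    """AD's unicodePwd value: the password in double quotes, as UTF-16LE."""
    return f'"{password}"'.encode("utf-16-le")


if __name__ == "__main__":
    for line in transport_problems(parse_settings(SAMPLE_CONFIG)):
        print(line)
```
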