Hi Clement

Good news, you were totally correct....the Constraint Violation was
being caused by the password I was using, as soon as I chose a
complicated password it allowed me to change the password. I didn't
realise it (I thought it had been disabled) but my Samba4 domain
policy has complexity enabled already....

[root@headoffice conf]# samba-tool domain passwordsettings show
Password informations for domain 'DC=mydomain,DC=local'
Password complexity: on
Store plaintext passwords: off
Password history length: 0
Minimum password length: 5
Minimum password age (days): 0
Maximum password age (days): 0

Thank you very much for all of your assistance, it is greatly appreciated.

Regards.

Neil Wilson.

On Mon, Oct 13, 2014 at 2:42 PM, Clément OUDOT <[email protected]> wrote:
>
>
> 2014-10-13 10:46 GMT+02:00 Neil <[email protected]>:
>>
>> Thanks Clement,
>>
>> I tried the rpm on el6 and it works as well and I think I've sorted
>> out my LDAP settings as I now get...
>>
>> [Mon Oct 13 10:37:54 2014] [error] [client 160.128.20.4] PHP Warning:
>> ldap_get_values(): Cannot get the value(s) of attribute Decoding error
>> in /usr/share/self-service-password/pages/change.php on line 121,
>> referer: http://127.0.0.1:800/
>> [Mon Oct 13 10:37:54 2014] [error] [client 160.128.20.4] PHP Warning:
>> preg_match_all(): Compilation failed: missing terminating ] for
>> character class at offset 2 in
>> /usr/share/self-service-password/lib/functions.inc.php on line 171,
>> referer: http://127.0.0.1:800/
>> [Mon Oct 13 10:37:54 2014] [error] [client 160.128.20.4] Cannot modify
>> AD password as user, referer: http://127.0.0.1:800/
>> [Mon Oct 13 10:37:54 2014] [error] [client 160.128.20.4] PHP Notice:
>> Undefined index: changehelpextramessage in
>> /usr/share/self-service-password/pages/change.php on line 184,
>> referer: http://127.0.0.1:800/
>>
>> Then if I try changing to manager as to who sets the password I get
>> the following...
>>
>> [Mon Oct 13 10:41:11 2014] [error] [client 160.128.20.4] PHP Warning:
>> ldap_get_values(): Cannot get the value(s) of attribute Decoding error
>> in /usr/share/self-service-password/pages/change.php on line 121,
>> referer: http://127.0.0.1:800/
>> [Mon Oct 13 10:41:11 2014] [error] [client 160.128.20.4] PHP Warning:
>> preg_match_all(): Compilation failed: missing terminating ] for
>> character class at offset 2 in
>> /usr/share/self-service-password/lib/functions.inc.php on line 171,
>> referer: http://127.0.0.1:800/
>> [Mon Oct 13 10:41:11 2014] [error] [client 160.128.20.4] PHP Warning:
>> ldap_mod_replace(): Modify: Constraint violation in
>> /usr/share/self-service-password/lib/functions.inc.php on line 275,
>> referer: http://127.0.0.1:800/
>> [Mon Oct 13 10:41:11 2014] [error] [client 160.128.20.4] LDAP - Modify
>> password error 19 (Constraint violation), referer:
>> http://127.0.0.1:800/
>> [Mon Oct 13 10:41:11 2014] [error] [client 160.128.20.4] PHP Notice:
>> Undefined index: changehelpextramessage in
>> /usr/share/self-service-password/pages/change.php on line 184,
>> referer: http://127.0.0.1:800/
>>
>>
>> ...which as I see on the url you gave me says that AD won't allow me
>> to reset the password as the user unless I use SSL, which I
>> unfortunately can't do because I'm using Samba4 for my AD and I can't
>> control the SSL certificates. Unless I've misunderstood this
>> completely.
>>
>
>
> I never tested Samba4, but with AD, it indeed requires SSL to modify the
> password. The constraint violation error can also mean that the password
> quality is too low. Have you tried a complex password? If this does not solve
> your problem, you may need to configure SSL on Samba4 LDAP.
>
>
>>
>> Do you know if there is a way around this, below are my current config
>> options...
>>
>> $ldap_url = "ldap://192.168.0.8";
>> $ldap_binddn = "[email protected]";
>> $ldap_bindpw = "mypass";
>> $ldap_base = "dc=mydomain,dc=local";
>> $ldap_login_attribute = "sAMAccountName";
>> #$ldap_login_attribute = "uid";
>> $ldap_fullname_attribute = "cn";
>> $ldap_filter = "(&(objectClass=person)($ldap_login_attribute={login}))";
>>
>> $ad_mode = true;
>> #$who_change_password = "user";
>> $who_change_password = "manager";
>>
>> Not sure if there's actually a way around?
>>
>
>
>
> Configuration seems ok to me.
>
>
>
> Clément.
_______________________________________________
ltb-users mailing list
[email protected]
http://lists.ltb-project.org/listinfo/ltb-users
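
Added example, not part of the original thread or of Self Service Password: a pre-check that reads the `samba-tool domain passwordsettings show` output quoted above and reports why a candidate password would likely be refused with error 19 (Constraint violation). The account name "neil", the test passwords and the function names are hypothetical; the three-of-four character class rule and the account-name check are a simplification of Microsoft's documented AD complexity policy, and Samba's own check may differ in detail.

```python
# Constructed sample: the policy output quoted in the message above.
SAMPLE_POLICY = """\
Password informations for domain 'DC=mydomain,DC=local'
Password complexity: on
Store plaintext passwords: off
Password history length: 0
Minimum password length: 5
Minimum password age (days): 0
Maximum password age (days): 0
"""


def parse_policy(text):
    """Turn the 'key: value' lines of the samba-tool output into a dict."""
    policy = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            policy[key.strip().lower()] = value.strip()
    return policy


def rejection_reasons(password, account, policy):
    """List the reasons a DC with this policy would likely refuse the password."""
    reasons = []
    min_len = int(policy.get("minimum password length", 0))
    if len(password) < min_len:
        reasons.append("shorter than minimum length %d" % min_len)
    if policy.get("password complexity") == "on":
        # Assumption: upper, lower, digit, symbol; at least three must appear.
        classes = [
            any(c.isupper() for c in password),
            any(c.islower() for c in password),
            any(c.isdigit() for c in password),
            any(not c.isalnum() for c in password),
        ]
        if sum(classes) < 3:
            reasons.append("fewer than 3 character classes")
        if len(account) > 2 and account.lower() in password.lower():
            reasons.append("contains the account name")
    return reasons


if __name__ == "__main__":
    policy = parse_policy(SAMPLE_POLICY)
    for candidate in ("secret", "Neil2014!", "Tr1cky-Horse"):  # hypothetical
        print(candidate, rejection_reasons(candidate, "neil", policy) or "ok")
```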
