Hi Ondřej,

Sorry that it took me so long to answer, but there is a lot of work to do here.

Now I set pwdSafeModify=FALSE and passwd still can't change the password if otp
is active. So I think I must stay with ldappasswd.

Stefan


On 29.04.25 at 12:58, Ondřej Kuzník wrote:
On Fri, Apr 25, 2025 at 07:49:42PM +0200, Stefan Kania wrote:
Hi Ondřej,

changing the password with ldappasswd works as expected. I did a:
-------------
u1-verw@ldap02:~$ ldappasswd -x -D cn=u1-verw,ou=users,ou=verwaltung,dc=example,dc=net  -S -W
New password:
Re-enter new password:
Enter LDAP Password:
-------------
When entering the "LDAP Password" I'm giving "password+token"; for the
"New password" I'm only giving the new password without any token.
After changing the password I can login with the new password+token.
But with "passwd" I can't change the password if otp is used. Without
otp changing the password works with "passwd" only.

Yes, that sounds like a limitation of how passwd deals with ldap especially
when otp changes the meaning of how a Bind is processed. If you want to
set pwdSafeModify, not sure if there's a way to make that work with the
password modify extop.

If you don't insist on pwdSafeModify, there might be a way for passwd
not to send the old password in the op?

Regards,


--
Stefan Kania
Landweg 13
25693 St. Michaelisdonn

---------------------
There is no CLOUD, only other people's computers

Attachment: OpenPGP_0x52F6D4DD1BB68AB5.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature
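
Whether a client "sends the old password in the op", as discussed in the thread above, comes down to whether the optional oldPasswd field is present in the RFC 3062 Password Modify request value. The following Python sketch is an added example, not part of the original messages or of OpenLDAP's code; the function names are hypothetical and the passwords used with it are constructed.

```python
# Added example: RFC 3062 PasswdModifyRequestValue (extended op OID 1.3.6.1.4.1.4203.1.11.1).
FIELDS = {0x80: "userIdentity", 0x81: "oldPasswd", 0x82: "newPasswd"}

def _ber_len(n):  # BER definite length, short form below 128, long form otherwise
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw

def _tlv(tag, value):
    return bytes([tag]) + _ber_len(len(value)) + value

def encode_request(user_identity=None, old_passwd=None, new_passwd=None):  # all OPTIONAL
    body = b""
    for tag, val in ((0x80, user_identity), (0x81, old_passwd), (0x82, new_passwd)):
        if val is not None:
            body += _tlv(tag, val.encode("utf-8"))
    return _tlv(0x30, body)

def _read_len(buf, pos):
    if pos >= len(buf):
        raise ValueError("truncated length")
    first, pos = buf[pos], pos + 1
    if first < 0x80:
        return first, pos
    n = first & 0x7F
    if n == 0 or pos + n > len(buf):
        raise ValueError("bad long-form length")
    return int.from_bytes(buf[pos:pos + n], "big"), pos + n

def decode_request(buf):  # returns {field name: bytes} for the fields present
    if not buf or buf[0] != 0x30:
        raise ValueError("not a SEQUENCE")
    length, pos = _read_len(buf, 1)
    if pos + length != len(buf):
        raise ValueError("length mismatch")
    out, end = {}, len(buf)
    while pos < end:
        tag = buf[pos]
        if tag not in FIELDS:
            raise ValueError("unexpected tag 0x%02x" % tag)
        length, pos = _read_len(buf, pos + 1)
        if pos + length > end:
            raise ValueError("truncated field")
        out[FIELDS[tag]] = buf[pos:pos + length]
        pos += length
    return out

def sends_old_password(buf):
    return "oldPasswd" in decode_request(buf)
```

Run against the request value taken from a capture of a test client, `sends_old_password` shows whether that client includes the old password or relies on the bind identity alone.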
