Re: [389-users] Reset Password as Root if User Forgets Password
There is a tab under Data-Password Policy, and what I meant was that checkbox Reset password. I want the ability to programmatically toggle that checkbox. Is there an attribute associated with that? Thanks On 1/27/14 3:21 PM, Dan Lavu d...@lavu.net wrote: There is no tab for it. On 26/01/14 22:55, Chaudhari, Rohit K. wrote: Hello 389DS users, I'm trying to figure out how to programmatically control the Change password after reset through Java code. What is the attribute associated with that checkbox in the 389DS password policy tab? Is there not a tab for it. I just need confirmation on that. Thanks -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Re: [389-users] Reset Password as Root if User Forgets Password
There is no tab for it. On 26/01/14 22:55, Chaudhari, Rohit K. wrote: Hello 389DS users, I'm trying to figure out how to programmatically control the Change password after reset through Java code. What is the attribute associated with that checkbox in the 389DS password policy tab? Is there not a tab for it. I just need confirmation on that. Thanks -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
[389-users] Reset Password as Root if User Forgets Password
Hello, I need to be able to reset a LDAP user's password if they forget it with the user root. But when I try the passwd command as root for a LDAP user, I get the following: (as root) passwd tuser Changing password for user tuser. Password reset by root is not supported. passwd: Authentication token manipulation error. I am using sssd as the LDAP authentication mechanism tool, to be specific. Does anyone have a solution to dealing with this issue of resetting a LDAP user's password if they forgot it? Thanks, Rohit From: Chaudhari, Rohit K. Chaudhari rohit.chaudh...@jhuapl.edumailto:rohit.chaudh...@jhuapl.edu Date: Tuesday, January 21, 2014 3:29 PM To: General discussion list for the 389 Directory server project. 389-users@lists.fedoraproject.orgmailto:389-users@lists.fedoraproject.org Subject: using passwd with 389 Hello, I want to be able to use the Unix passwd command to reset a LDAP user's password from the command line. However, I keep getting an authentication token manipulation error whenever I try to reset the password using that command. What do I need to do in the 389 DS or on Unix in order to get this command to work? Thanks, Rohit -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Re: [389-users] Reset Password as Root if User Forgets Password
sorry thats not possible. If you are using Kerberos then you can do it via the kadmin command. If not then you have to use one of several other tools like the admin console or ldapmodify for example. On Wed, Jan 22, 2014 at 9:06 AM, Chaudhari, Rohit K. rohit.chaudh...@jhuapl.edu wrote: Hello, I need to be able to reset a LDAP user's password if they forget it with the user root. But when I try the passwd command as root for a LDAP user, I get the following: (as root) passwd tuser Changing password for user tuser. Password reset by root is not supported. passwd: Authentication token manipulation error. I am using sssd as the LDAP authentication mechanism tool, to be specific. Does anyone have a solution to dealing with this issue of resetting a LDAP user's password if they forgot it? Thanks, Rohit From: Chaudhari, Rohit K. Chaudhari rohit.chaudh...@jhuapl.edu Date: Tuesday, January 21, 2014 3:29 PM To: General discussion list for the 389 Directory server project. 389-users@lists.fedoraproject.org Subject: using passwd with 389 Hello, I want to be able to use the Unix passwd command to reset a LDAP user's password from the command line. However, I keep getting an authentication token manipulation error whenever I try to reset the password using that command. What do I need to do in the 389 DS or on Unix in order to get this command to work? Thanks, Rohit -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Re: [389-users] Reset Password as Root if User Forgets Password
I'm not using kerberos. The other suggestion about using ldappasswd led to the error: ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1) Additional info: TLS: hostname does not match CN in peer certificate Is there a way to create a JNDI equivalent command so that I could add a checkbox to a Java GUI that basically toggles the force password change after reset checkbox built into the password policy in 389? On 1/22/14 10:49 AM, Paul Robert Marino prmari...@gmail.com wrote: sorry thats not possible. If you are using Kerberos then you can do it via the kadmin command. If not then you have to use one of several other tools like the admin console or ldapmodify for example. On Wed, Jan 22, 2014 at 9:06 AM, Chaudhari, Rohit K. rohit.chaudh...@jhuapl.edu wrote: Hello, I need to be able to reset a LDAP user's password if they forget it with the user root. But when I try the passwd command as root for a LDAP user, I get the following: (as root) passwd tuser Changing password for user tuser. Password reset by root is not supported. passwd: Authentication token manipulation error. I am using sssd as the LDAP authentication mechanism tool, to be specific. Does anyone have a solution to dealing with this issue of resetting a LDAP user's password if they forgot it? Thanks, Rohit From: Chaudhari, Rohit K. Chaudhari rohit.chaudh...@jhuapl.edu Date: Tuesday, January 21, 2014 3:29 PM To: General discussion list for the 389 Directory server project. 389-users@lists.fedoraproject.org Subject: using passwd with 389 Hello, I want to be able to use the Unix passwd command to reset a LDAP user's password from the command line. However, I keep getting an authentication token manipulation error whenever I try to reset the password using that command. What do I need to do in the 389 DS or on Unix in order to get this command to work? Thanks, Rohit -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Re: [389-users] Reset Password as Root if User Forgets Password
On 01/22/2014 12:31 PM, Chaudhari, Rohit K. wrote: Before I explore this further, when using ldappasswd, will it still prompt me for the current password before I can type in a new password to replace it? You need to be bound to the LDAP server as a user who has permission to change the password. If you are changing your own password, you need to supply your existing password to complete this bind operation. If you are an admin resetting a password for a different user, you will need to supply the admin user password to complete the bind, but you will not need to supply the user's existing password. The ldappasswd command requires that the connection is protected with SSL/TLS or a SASL mechanism that provides confidentiality. You will need to resolve your TLS problem. On 1/22/14 3:26 PM, Paul Robert Marino prmari...@gmail.com wrote: your SSL cert or your DNS is bad. TLS requires full forward and revers lookup of the C name for the host to match one of the host names in the SSL cert. On Wed, Jan 22, 2014 at 3:08 PM, Chaudhari, Rohit K. rohit.chaudh...@jhuapl.edu wrote: I'm not using kerberos. The other suggestion about using ldappasswd led to the error: ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1) Additional info: TLS: hostname does not match CN in peer certificate Is there a way to create a JNDI equivalent command so that I could add a checkbox to a Java GUI that basically toggles the force password change after reset checkbox built into the password policy in 389? On 1/22/14 10:49 AM, Paul Robert Marino prmari...@gmail.com wrote: sorry thats not possible. If you are using Kerberos then you can do it via the kadmin command. If not then you have to use one of several other tools like the admin console or ldapmodify for example. On Wed, Jan 22, 2014 at 9:06 AM, Chaudhari, Rohit K. rohit.chaudh...@jhuapl.edu wrote: Hello, I need to be able to reset a LDAP user's password if they forget it with the user root. But when I try the passwd command as root for a LDAP user, I get the following: (as root) passwd tuser Changing password for user tuser. Password reset by root is not supported. passwd: Authentication token manipulation error. I am using sssd as the LDAP authentication mechanism tool, to be specific. Does anyone have a solution to dealing with this issue of resetting a LDAP user's password if they forgot it? Thanks, Rohit From: Chaudhari, Rohit K. Chaudhari rohit.chaudh...@jhuapl.edu Date: Tuesday, January 21, 2014 3:29 PM To: General discussion list for the 389 Directory server project. 389-users@lists.fedoraproject.org Subject: using passwd with 389 Hello, I want to be able to use the Unix passwd command to reset a LDAP user's password from the command line. However, I keep getting an authentication token manipulation error whenever I try to reset the password using that command. What do I need to do in the 389 DS or on Unix in order to get this command to work? Thanks, Rohit -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users