ldapchangepwd
Attempting to use ldapchangepwd. Any idea what is causing error? ldapchangepwd -D "cn=TESTUSER,o=IBM,c=US" -w ? -n ? -h 127.0.0.1 -p 389 Enter current password ==> old Enter new password ==> new ldap_sasl_bind: Credentials are not valid ldap_sasl_bind: additional info: R004062 Credentials are not valid (ldbm_authenticate_user:252) Thanks, Tim Brown -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: ldapchangepwd
Tim Brown wrote: >Attempting to use ldapchangepwd. Any idea what is causing error? >ldapchangepwd -D "cn=TESTUSER,o=IBM,c=US" -w ? -n ? -h 127.0.0.1 -p 389 >Enter current password ==> old >Enter new password ==> new If you are running this prompting in TSO or batch, it is NOT supported. >ldap_sasl_bind: Credentials are not valid >ldap_sasl_bind: additional info: R004062 Credentials are not valid >(ldbm_authenticate_user:252) What backend are you using? RACF? DB2? What level of LDAP are you using? v2 or v3? What do you see in logfile like this one /etc/ldap/gldlog.output ? If RACF, do you see any ICH408I message. If not, do you see any SMF records for that id? What authenticating method are you using? CRAM-MD5, or DIGEST-MD5? What binding method are you using? I'm thinking of the parameters like -m or -S. What version of ldap and z/OS version are you using? Turn on your debug level for more diagnostics by using -d parameter. Groete / Greetings Elardus Engelbrecht -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: ldapchangepwd
Running in TSO via OMVS session still not supported? Would I have to use an LPAP client outside of Z/OS Tim -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Elardus Engelbrecht Sent: Tuesday, 21 October, 2014 11:42 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: ldapchangepwd Tim Brown wrote: >Attempting to use ldapchangepwd. Any idea what is causing error? >ldapchangepwd -D "cn=TESTUSER,o=IBM,c=US" -w ? -n ? -h 127.0.0.1 -p 389 >Enter current password ==> old >Enter new password ==> new If you are running this prompting in TSO or batch, it is NOT supported. >ldap_sasl_bind: Credentials are not valid >ldap_sasl_bind: additional info: R004062 Credentials are not valid >(ldbm_authenticate_user:252) What backend are you using? RACF? DB2? What level of LDAP are you using? v2 or v3? What do you see in logfile like this one /etc/ldap/gldlog.output ? If RACF, do you see any ICH408I message. If not, do you see any SMF records for that id? What authenticating method are you using? CRAM-MD5, or DIGEST-MD5? What binding method are you using? I'm thinking of the parameters like -m or -S. What version of ldap and z/OS version are you using? Turn on your debug level for more diagnostics by using -d parameter. Groete / Greetings Elardus Engelbrecht -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: ldapchangepwd
This works for me: ldapsearch -h mvs7 -D racfid=jojo123,profiletype=user,cn=RACFSY7 -w oldpwd/newpwd -s base -b "" objectclass=* -- Donald J. dona...@4email.net On Tue, Oct 21, 2014, at 07:58 AM, Tim Brown wrote: > Attempting to use ldapchangepwd. Any idea what is causing error? > > ldapchangepwd -D "cn=TESTUSER,o=IBM,c=US" -w ? -n ? -h 127.0.0.1 -p 389 > > Enter current password ==> old > Enter new password ==> new > > ldap_sasl_bind: Credentials are not valid > ldap_sasl_bind: additional info: R004062 Credentials are not valid > (ldbm_authenticate_user:252) > > Thanks, > > Tim Brown > > > > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- http://www.fastmail.fm - Send your email first class -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: ldapchangepwd
Thanks , where is RACFSY7 referred to in DSCONFIG? -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Donald J. Sent: Tuesday, 21 October, 2014 4:12 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: ldapchangepwd This works for me: ldapsearch -h mvs7 -D racfid=jojo123,profiletype=user,cn=RACFSY7 -w oldpwd/newpwd -s base -b "" objectclass=* -- Donald J. dona...@4email.net On Tue, Oct 21, 2014, at 07:58 AM, Tim Brown wrote: > Attempting to use ldapchangepwd. Any idea what is causing error? > > ldapchangepwd -D "cn=TESTUSER,o=IBM,c=US" -w ? -n ? -h 127.0.0.1 -p > 389 > > Enter current password ==> old > Enter new password ==> new > > ldap_sasl_bind: Credentials are not valid > ldap_sasl_bind: additional info: R004062 Credentials are not valid > (ldbm_authenticate_user:252) > > Thanks, > > Tim Brown > > > > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, send > email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- https://urldefense.proofpoint.com/v1/url?u=http://www.fastmail.fm/&k=pCpgOv%2FKLW5dYRss05kLEw%3D%3D%0A&r=tQq0J85k4w4CeO1cI0sWanGhPyb3Fq7EC6ctgNHLxNs%3D%0A&m=ZLd7j94zTyQxa%2FVaBKKyHfxrRdjH%2FDYQ0OKhKqpVTKM%3D%0A&s=c46847a5cd0a26892078bc3d6e22a0bf2d595a9220741a4c514743596b3c7c0f - Send your email first class -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: ldapchangepwd
That would be your SUFFIX parameter value. -- Donald J. dona...@4email.net On Tue, Oct 21, 2014, at 01:30 PM, Tim Brown wrote: > Thanks , where is RACFSY7 referred to in DSCONFIG? > > -Original Message- > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On > Behalf Of Donald J. > Sent: Tuesday, 21 October, 2014 4:12 PM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Re: ldapchangepwd > > This works for me: > > ldapsearch -h mvs7 -D racfid=jojo123,profiletype=user,cn=RACFSY7 -w > oldpwd/newpwd -s base -b "" objectclass=* > > -- > Donald J. > dona...@4email.net > > On Tue, Oct 21, 2014, at 07:58 AM, Tim Brown wrote: > > Attempting to use ldapchangepwd. Any idea what is causing error? > > > > ldapchangepwd -D "cn=TESTUSER,o=IBM,c=US" -w ? -n ? -h 127.0.0.1 -p > > 389 > > > > Enter current password ==> old > > Enter new password ==> new > > > > ldap_sasl_bind: Credentials are not valid > > ldap_sasl_bind: additional info: R004062 Credentials are not valid > > (ldbm_authenticate_user:252) > > > > Thanks, > > > > Tim Brown > > > > > > > > > > -- > > For IBM-MAIN subscribe / signoff / archive access instructions, send > > email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > -- > https://urldefense.proofpoint.com/v1/url?u=http://www.fastmail.fm/&k=pCpgOv%2FKLW5dYRss05kLEw%3D%3D%0A&r=tQq0J85k4w4CeO1cI0sWanGhPyb3Fq7EC6ctgNHLxNs%3D%0A&m=ZLd7j94zTyQxa%2FVaBKKyHfxrRdjH%2FDYQ0OKhKqpVTKM%3D%0A&s=c46847a5cd0a26892078bc3d6e22a0bf2d595a9220741a4c514743596b3c7c0f > - Send your email first class > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, send email to > lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- http://www.fastmail.fm - Faster than the air-speed velocity of an unladen european swallow -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: ldapchangepwd
This gets a 0 but the password is still the old one sh /bin/ldapsearch -h 127.0.0.1 -p 389 -s base -w oldpwd -n oldpwd -D "racfid=TESTUSER,profiletype=user,sysplex=sysplex1" "(objectclass=*)" ; Tim -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Donald J. Sent: Tuesday, 21 October, 2014 4:38 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: ldapchangepwd That would be your SUFFIX parameter value. -- Donald J. dona...@4email.net On Tue, Oct 21, 2014, at 01:30 PM, Tim Brown wrote: > Thanks , where is RACFSY7 referred to in DSCONFIG? > > -Original Message- > From: IBM Mainframe Discussion List > [https://urldefense.proofpoint.com/v1/url?u=http://mailto:IBM-MAIN%40LISTSERV.UA.EDU&k=pCpgOv%2FKLW5dYRss05kLEw%3D%3D%0A&r=tQq0J85k4w4CeO1cI0sWanGhPyb3Fq7EC6ctgNHLxNs%3D%0A&m=ZeARdsZMMXsaihBVF4w4otzQdqnzQnWZOfvpQ%2FfX%2FFY%3D%0A&s=05dc0b981d58253ccd44b3282c2354b893a58a1d3407a8fb674904a90e2a9cb2] > On Behalf Of Donald J. > Sent: Tuesday, 21 October, 2014 4:12 PM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Re: ldapchangepwd > > This works for me: > > ldapsearch -h mvs7 -D racfid=jojo123,profiletype=user,cn=RACFSY7 -w > oldpwd/ oldpwd -s base -b "" objectclass=* > > -- > Donald J. > dona...@4email.net > > On Tue, Oct 21, 2014, at 07:58 AM, Tim Brown wrote: > > Attempting to use ldapchangepwd. Any idea what is causing error? > > > > ldapchangepwd -D "cn=TESTUSER,o=IBM,c=US" -w ? -n ? -h 127.0.0.1 > > -p > > 389 > > > > Enter current password ==> old > > Enter new password ==> new > > > > ldap_sasl_bind: Credentials are not valid > > ldap_sasl_bind: additional info: R004062 Credentials are not valid > > (ldbm_authenticate_user:252) > > > > Thanks, > > > > Tim Brown > > > > > > > > > > > > -- For IBM-MAIN subscribe / signoff / archive access instructions, > > send email to lists...@listserv.ua.edu with the message: INFO > > IBM-MAIN > > -- > https://urldefense.proofpoint.com/v1/url?u=http://www.fastmail.fm/&k=p > CpgOv%2FKLW5dYRss05kLEw%3D%3D%0A&r=tQq0J85k4w4CeO1cI0sWanGhPyb3Fq7EC6c > tgNHLxNs%3D%0A&m=ZLd7j94zTyQxa%2FVaBKKyHfxrRdjH%2FDYQ0OKhKqpVTKM%3D%0A > &s=c46847a5cd0a26892078bc3d6e22a0bf2d595a9220741a4c514743596b3c7c0f - > Send your email first class > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, send > email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, send > email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- https://urldefense.proofpoint.com/v1/url?u=http://www.fastmail.fm/&k=pCpgOv%2FKLW5dYRss05kLEw%3D%3D%0A&r=tQq0J85k4w4CeO1cI0sWanGhPyb3Fq7EC6ctgNHLxNs%3D%0A&m=ZeARdsZMMXsaihBVF4w4otzQdqnzQnWZOfvpQ%2FfX%2FFY%3D%0A&s=55c4f8f8f3de4baea66c410bd628464608789b1d23bb7c45612bc8cf586295ad - Faster than the air-speed velocity of an unladen european swallow -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: ldapchangepwd
-nshow what would be done but don't actually search -n is not newpwd ldapsearch -h mvs7 -D racfid=jojo123,profiletype=user,cn=MVS7SUFF -w oldpwd/newwd -s base -b "" objectclass=* This command should work from any platform. The ldapchangpwd is probably mainframe only. -- Donald J. dona...@4email.net On Wed, Oct 22, 2014, at 04:23 AM, Tim Brown wrote: > This gets a 0 but the password is still the old one > > sh /bin/ldapsearch -h 127.0.0.1 -p 389 -s base > -w oldpwd > -n oldpwd > -D "racfid=TESTUSER,profiletype=user,sysplex=sysplex1" > "(objectclass=*)" ; > > Tim > > -Original Message- > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On > Behalf Of Donald J. > Sent: Tuesday, 21 October, 2014 4:38 PM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Re: ldapchangepwd > > That would be your SUFFIX parameter value. > > -- > Donald J. > dona...@4email.net > > On Tue, Oct 21, 2014, at 01:30 PM, Tim Brown wrote: > > Thanks , where is RACFSY7 referred to in DSCONFIG? > > > > -Original Message- > > From: IBM Mainframe Discussion List > > [https://urldefense.proofpoint.com/v1/url?u=http://mailto:IBM-MAIN%40LISTSERV.UA.EDU&k=pCpgOv%2FKLW5dYRss05kLEw%3D%3D%0A&r=tQq0J85k4w4CeO1cI0sWanGhPyb3Fq7EC6ctgNHLxNs%3D%0A&m=ZeARdsZMMXsaihBVF4w4otzQdqnzQnWZOfvpQ%2FfX%2FFY%3D%0A&s=05dc0b981d58253ccd44b3282c2354b893a58a1d3407a8fb674904a90e2a9cb2] > > On Behalf Of Donald J. > > Sent: Tuesday, 21 October, 2014 4:12 PM > > To: IBM-MAIN@LISTSERV.UA.EDU > > Subject: Re: ldapchangepwd > > > > This works for me: > > > > ldapsearch -h mvs7 -D racfid=jojo123,profiletype=user,cn=RACFSY7 -w > > oldpwd/ oldpwd -s base -b "" objectclass=* > > > > -- > > Donald J. > > dona...@4email.net > > > > On Tue, Oct 21, 2014, at 07:58 AM, Tim Brown wrote: > > > Attempting to use ldapchangepwd. Any idea what is causing error? > > > > > > ldapchangepwd -D "cn=TESTUSER,o=IBM,c=US" -w ? -n ? -h 127.0.0.1 > > > -p > > > 389 > > > > > > Enter current password ==> old > > > Enter new password ==> new > > > > > > ldap_sasl_bind: Credentials are not valid > > > ldap_sasl_bind: additional info: R004062 Credentials are not valid > > > (ldbm_authenticate_user:252) > > > > > > Thanks, > > > > > > Tim Brown > > > > > > > > > > > > > > > > > > -- For IBM-MAIN subscribe / signoff / archive access instructions, > > > send email to lists...@listserv.ua.edu with the message: INFO > > > IBM-MAIN > > > > -- > > https://urldefense.proofpoint.com/v1/url?u=http://www.fastmail.fm/&k=p > > CpgOv%2FKLW5dYRss05kLEw%3D%3D%0A&r=tQq0J85k4w4CeO1cI0sWanGhPyb3Fq7EC6c > > tgNHLxNs%3D%0A&m=ZLd7j94zTyQxa%2FVaBKKyHfxrRdjH%2FDYQ0OKhKqpVTKM%3D%0A > > &s=c46847a5cd0a26892078bc3d6e22a0bf2d595a9220741a4c514743596b3c7c0f - > > Send your email first class > > > > -- > > For IBM-MAIN subscribe / signoff / archive access instructions, send > > email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > > > -- > > For IBM-MAIN subscribe / signoff / archive access instructions, send > > email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > -- > https://urldefense.proofpoint.com/v1/url?u=http://www.fastmail.fm/&k=pCpgOv%2FKLW5dYRss05kLEw%3D%3D%0A&r=tQq0J85k4w4CeO1cI0sWanGhPyb3Fq7EC6ctgNHLxNs%3D%0A&m=ZeARdsZMMXsaihBVF4w4otzQdqnzQnWZOfvpQ%2FfX%2FFY%3D%0A&s=55c4f8f8f3de4baea66c410bd628464608789b1d23bb7c45612bc8cf586295ad > - Faster than the air-speed velocity of an > unladen european swallow > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, send email to > lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- http://www.fastmail.fm - Email service worth paying for. Try it for free -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: ldapchangepwd
If I use sh /bin/ldapsearch -h 127.0.0.1 -p 389 -s base -w oldpwd/newpwd -D "racfid=TESTUSER,profiletype=user,sysplex=sysplex1" "(objectclass=*)" ; I get ldap_sasl_bind: Credentials are not valid ldap_sasl_bind: additional info: R000104 The password is not correct or the user is not completely defined (missing password or uid) (srv_authenticate_native Tim -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Donald J. Sent: Wednesday, 22 October, 2014 7:58 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: ldapchangepwd -nshow what would be done but don't actually search -n is not newpwd ldapsearch -h mvs7 -D racfid=jojo123,profiletype=user,cn=MVS7SUFF -w oldpwd/newwd -s base -b "" objectclass=* This command should work from any platform. The ldapchangpwd is probably mainframe only. -- Donald J. dona...@4email.net On Wed, Oct 22, 2014, at 04:23 AM, Tim Brown wrote: > This gets a 0 but the password is still the old one > > sh /bin/ldapsearch -h 127.0.0.1 -p 389 -s base > -w oldpwd > -n oldpwd > -D "racfid=TESTUSER,profiletype=user,sysplex=sysplex1" > "(objectclass=*)" ; > > Tim > > -Original Message- > From: IBM Mainframe Discussion List > [https://urldefense.proofpoint.com/v1/url?u=http://mailto:IBM-MAIN%40LISTSERV.UA.EDU&k=pCpgOv%2FKLW5dYRss05kLEw%3D%3D%0A&r=tQq0J85k4w4CeO1cI0sWanGhPyb3Fq7EC6ctgNHLxNs%3D%0A&m=LvtsCzDNCf75euyc4fzn5EL5io%2BAybqG25QdZY9UXRM%3D%0A&s=834b9e0b9d05ee05e89e6f00605419e0203a44ff27e3c9f47248ecb9186369b2] > On Behalf Of Donald J. > Sent: Tuesday, 21 October, 2014 4:38 PM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Re: ldapchangepwd > > That would be your SUFFIX parameter value. > > -- > Donald J. > dona...@4email.net > > On Tue, Oct 21, 2014, at 01:30 PM, Tim Brown wrote: > > Thanks , where is RACFSY7 referred to in DSCONFIG? > > > > -Original Message- > > From: IBM Mainframe Discussion List > > [https://urldefense.proofpoint.com/v1/url?u=http://mailto:IBM-MAIN%40LISTSERV.UA.EDU&k=pCpgOv%2FKLW5dYRss05kLEw%3D%3D%0A&r=tQq0J85k4w4CeO1cI0sWanGhPyb3Fq7EC6ctgNHLxNs%3D%0A&m=ZeARdsZMMXsaihBVF4w4otzQdqnzQnWZOfvpQ%2FfX%2FFY%3D%0A&s=05dc0b981d58253ccd44b3282c2354b893a58a1d3407a8fb674904a90e2a9cb2] > > On Behalf Of Donald J. > > Sent: Tuesday, 21 October, 2014 4:12 PM > > To: IBM-MAIN@LISTSERV.UA.EDU > > Subject: Re: ldapchangepwd > > > > This works for me: > > > > ldapsearch -h mvs7 -D racfid=jojo123,profiletype=user,cn=RACFSY7 -w > > oldpwd/ oldpwd -s base -b "" objectclass=* > > > > -- > > Donald J. > > dona...@4email.net > > > > On Tue, Oct 21, 2014, at 07:58 AM, Tim Brown wrote: > > > Attempting to use ldapchangepwd. Any idea what is causing error? > > > > > > ldapchangepwd -D "cn=TESTUSER,o=IBM,c=US" -w ? -n ? -h 127.0.0.1 > > > -p > > > 389 > > > > > > Enter current password ==> old > > > Enter new password ==> new > > > > > > ldap_sasl_bind: Credentials are not valid > > > ldap_sasl_bind: additional info: R004062 Credentials are not valid > > > (ldbm_authenticate_user:252) > > > > > > Thanks, > > > > > > Tim Brown > > > > > > > > > > > > > > > -- > > > -- > > > -- For IBM-MAIN subscribe / signoff / archive access instructions, > > > send email to lists...@listserv.ua.edu with the message: INFO > > > IBM-MAIN > > > > -- > > https://urldefense.proofpoint.com/v1/url?u=http://www.fastmail.fm/&k > > =p > > CpgOv%2FKLW5dYRss05kLEw%3D%3D%0A&r=tQq0J85k4w4CeO1cI0sWanGhPyb3Fq7EC > > 6c > > tgNHLxNs%3D%0A&m=ZLd7j94zTyQxa%2FVaBKKyHfxrRdjH%2FDYQ0OKhKqpVTKM%3D% > > 0A > > &s=c46847a5cd0a26892078bc3d6e22a0bf2d595a9220741a4c514743596b3c7c0f > > - Send your email first class > > > > > > -- For IBM-MAIN subscribe / signoff / archive access instructions, > > send email to lists...@listserv.ua.edu with the message: INFO > > IBM-MAIN > > > > > > -- For IBM-MAIN subscribe / signoff / archive access instruct
Re: ldapchangepwd
You are not supplying valid bind credentials. Suggest you get any ldapsearch to work first using TESTUSER's bind credentials. Then the password can be changed with just the addition of /newpwd after the current password on the ldapsearch. -- Donald J. dona...@4email.net On Wed, Oct 22, 2014, at 11:52 AM, Tim Brown wrote: > If I use > > sh /bin/ldapsearch -h 127.0.0.1 -p 389 -s base > -w oldpwd/newpwd > -D "racfid=TESTUSER,profiletype=user,sysplex=sysplex1" > "(objectclass=*)" ; > > > I get > > ldap_sasl_bind: Credentials are not valid > > ldap_sasl_bind: additional info: R000104 The password is not correct or the > user is not completely defined (missing password or uid) > (srv_authenticate_native > > > Tim > -Original Message- > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On > Behalf Of Donald J. > Sent: Wednesday, 22 October, 2014 7:58 AM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Re: ldapchangepwd > > -nshow what would be done but don't actually search > > -n is not newpwd > > ldapsearch -h mvs7 -D racfid=jojo123,profiletype=user,cn=MVS7SUFF >-w oldpwd/newwd -s base -b "" objectclass=* > > This command should work from any platform. > The ldapchangpwd is probably mainframe only. > > -- > Donald J. > dona...@4email.net > > On Wed, Oct 22, 2014, at 04:23 AM, Tim Brown wrote: > > This gets a 0 but the password is still the old one > > > > sh /bin/ldapsearch -h 127.0.0.1 -p 389 -s base > > -w oldpwd > > -n oldpwd > > -D "racfid=TESTUSER,profiletype=user,sysplex=sysplex1" > > "(objectclass=*)" ; > > > > Tim > > > > -Original Message- > > From: IBM Mainframe Discussion List > > [https://urldefense.proofpoint.com/v1/url?u=http://mailto:IBM-MAIN%40LISTSERV.UA.EDU&k=pCpgOv%2FKLW5dYRss05kLEw%3D%3D%0A&r=tQq0J85k4w4CeO1cI0sWanGhPyb3Fq7EC6ctgNHLxNs%3D%0A&m=LvtsCzDNCf75euyc4fzn5EL5io%2BAybqG25QdZY9UXRM%3D%0A&s=834b9e0b9d05ee05e89e6f00605419e0203a44ff27e3c9f47248ecb9186369b2] > > On Behalf Of Donald J. > > Sent: Tuesday, 21 October, 2014 4:38 PM > > To: IBM-MAIN@LISTSERV.UA.EDU > > Subject: Re: ldapchangepwd > > > > That would be your SUFFIX parameter value. > > > > -- > > Donald J. > > dona...@4email.net > > > > On Tue, Oct 21, 2014, at 01:30 PM, Tim Brown wrote: > > > Thanks , where is RACFSY7 referred to in DSCONFIG? > > > > > > -Original Message- > > > From: IBM Mainframe Discussion List > > > [https://urldefense.proofpoint.com/v1/url?u=http://mailto:IBM-MAIN%40LISTSERV.UA.EDU&k=pCpgOv%2FKLW5dYRss05kLEw%3D%3D%0A&r=tQq0J85k4w4CeO1cI0sWanGhPyb3Fq7EC6ctgNHLxNs%3D%0A&m=ZeARdsZMMXsaihBVF4w4otzQdqnzQnWZOfvpQ%2FfX%2FFY%3D%0A&s=05dc0b981d58253ccd44b3282c2354b893a58a1d3407a8fb674904a90e2a9cb2] > > > On Behalf Of Donald J. > > > Sent: Tuesday, 21 October, 2014 4:12 PM > > > To: IBM-MAIN@LISTSERV.UA.EDU > > > Subject: Re: ldapchangepwd > > > > > > This works for me: > > > > > > ldapsearch -h mvs7 -D racfid=jojo123,profiletype=user,cn=RACFSY7 -w > > > oldpwd/ oldpwd -s base -b "" objectclass=* > > > > > > -- > > > Donald J. > > > dona...@4email.net > > > > > > On Tue, Oct 21, 2014, at 07:58 AM, Tim Brown wrote: > > > > Attempting to use ldapchangepwd. Any idea what is causing error? > > > > > > > > ldapchangepwd -D "cn=TESTUSER,o=IBM,c=US" -w ? -n ? -h 127.0.0.1 > > > > -p > > > > 389 > > > > > > > > Enter current password ==> old > > > > Enter new password ==> new > > > > > > > > ldap_sasl_bind: Credentials are not valid > > > > ldap_sasl_bind: additional info: R004062 Credentials are not valid > > > > (ldbm_authenticate_user:252) > > > > > > > > Thanks, > > > > > > > > Tim Brown > > > > > > > > > > > > > > > > > > > > -- > > > > -- > > > > -- For IBM-MAIN subscribe / signoff / archive access instructions, > > > > send email to lists...@listserv.ua.edu with the message
Re: ldapchangepwd
If I perform a ldapsearch with IBMUSER it works If I perform same with my id that has the SPECIAL attribute I get this message in SYSLOG. ICH408I USER(MYID ) GROUP(MYGROUP ) NAME(ME ) 383 LOGON/JOB INITIATION - PASS PHRASE IS NOT VALID We are not using password phrases. Does LDAP require it? Tim -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Donald J. Sent: Wednesday, 22 October, 2014 8:54 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: ldapchangepwd You are not supplying valid bind credentials. Suggest you get any ldapsearch to work first using TESTUSER's bind credentials. Then the password can be changed with just the addition of /newpwd after the current password on the ldapsearch. -- Donald J. dona...@4email.net On Wed, Oct 22, 2014, at 11:52 AM, Tim Brown wrote: > If I use > > sh /bin/ldapsearch -h 127.0.0.1 -p 389 -s base > -w oldpwd/newpwd > -D "racfid=TESTUSER,profiletype=user,sysplex=sysplex1" > "(objectclass=*)" ; > > > I get > > ldap_sasl_bind: Credentials are not valid > > ldap_sasl_bind: additional info: R000104 The password is not correct > or the user is not completely defined (missing password or uid) > (srv_authenticate_native > > > Tim > -Original Message- > From: IBM Mainframe Discussion List > [https://urldefense.proofpoint.com/v1/url?u=http://mailto:IBM-MAIN%40LISTSERV.UA.EDU&k=pCpgOv%2FKLW5dYRss05kLEw%3D%3D%0A&r=tQq0J85k4w4CeO1cI0sWanGhPyb3Fq7EC6ctgNHLxNs%3D%0A&m=Scr1WE%2BLEQqN8jqirNoad8Dd2fOlRSen92yxFgBRtzo%3D%0A&s=029d104f6db3b54d062a7183c4c2d3086bbc5e6923736cbdfb31282e9ce8abed] > On Behalf Of Donald J. > Sent: Wednesday, 22 October, 2014 7:58 AM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Re: ldapchangepwd > > -nshow what would be done but don't actually search > > -n is not newpwd > > ldapsearch -h mvs7 -D racfid=jojo123,profiletype=user,cn=MVS7SUFF >-w oldpwd/newwd -s base -b "" objectclass=* > > This command should work from any platform. > The ldapchangpwd is probably mainframe only. > > -- > Donald J. > dona...@4email.net > > On Wed, Oct 22, 2014, at 04:23 AM, Tim Brown wrote: > > This gets a 0 but the password is still the old one > > > > sh /bin/ldapsearch -h 127.0.0.1 -p 389 -s base > > -w oldpwd > > -n oldpwd > > -D "racfid=TESTUSER,profiletype=user,sysplex=sysplex1" > > "(objectclass=*)" ; > > > > Tim > > > > -Original Message- > > From: IBM Mainframe Discussion List > > [https://urldefense.proofpoint.com/v1/url?u=http://mailto:IBM-MAIN%40LISTSERV.UA.EDU&k=pCpgOv%2FKLW5dYRss05kLEw%3D%3D%0A&r=tQq0J85k4w4CeO1cI0sWanGhPyb3Fq7EC6ctgNHLxNs%3D%0A&m=LvtsCzDNCf75euyc4fzn5EL5io%2BAybqG25QdZY9UXRM%3D%0A&s=834b9e0b9d05ee05e89e6f00605419e0203a44ff27e3c9f47248ecb9186369b2] > > On Behalf Of Donald J. > > Sent: Tuesday, 21 October, 2014 4:38 PM > > To: IBM-MAIN@LISTSERV.UA.EDU > > Subject: Re: ldapchangepwd > > > > That would be your SUFFIX parameter value. > > > > -- > > Donald J. > > dona...@4email.net > > > > On Tue, Oct 21, 2014, at 01:30 PM, Tim Brown wrote: > > > Thanks , where is RACFSY7 referred to in DSCONFIG? > > > > > > -Original Message- > > > From: IBM Mainframe Discussion List > > > [https://urldefense.proofpoint.com/v1/url?u=http://mailto:IBM-MAIN%40LISTSERV.UA.EDU&k=pCpgOv%2FKLW5dYRss05kLEw%3D%3D%0A&r=tQq0J85k4w4CeO1cI0sWanGhPyb3Fq7EC6ctgNHLxNs%3D%0A&m=ZeARdsZMMXsaihBVF4w4otzQdqnzQnWZOfvpQ%2FfX%2FFY%3D%0A&s=05dc0b981d58253ccd44b3282c2354b893a58a1d3407a8fb674904a90e2a9cb2] > > > On Behalf Of Donald J. > > > Sent: Tuesday, 21 October, 2014 4:12 PM > > > To: IBM-MAIN@LISTSERV.UA.EDU > > > Subject: Re: ldapchangepwd > > > > > > This works for me: > > > > > > ldapsearch -h mvs7 -D racfid=jojo123,profiletype=user,cn=RACFSY7 > > > -w oldpwd/ oldpwd -s base -b "" objectclass=* > > > > > > -- > > > Donald J. > > > dona...@4email.net > > > > > > On Tue, Oct 21, 2014, at 07:58 AM, Tim Brown wrote: > > > > Attempting to use ldapchangepwd. Any idea what is causing error? > > > > > > > > ldapchangepwd -D "cn=TESTUSER,o=IBM,c=US" -w ? -n ? -h > > > > 127.0.0.1 -p > &g
