I am not an Apache Directory Studio user (nor an ApacheDS LDAP admin) but
have done administration on a number of other LDAP products.
Are you using the ApacheDS LDAP product?
1) If the ApacheDS LDAP product follows the LDAP RFC then the following
is true about the userpassword attribute:
https://tools.ietf.org/html/rfc4519#section-2.41
2.41. 'userPassword'
The 'userPassword' attribute contains octet strings that are known only
to the user and the system to which the user has access. *Each string is
one value of this multi-valued attribute.*
The application SHOULD prepare textual strings used as passwords by
transcoding them to Unicode, applying SASLprep [RFC4013], and encoding
as UTF-8. The determination of whether a password is textual is a local
client matter. (Source: X.509 [X.509])
( 2.5.4.35 NAME 'userPassword'
EQUALITY octetStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
1.3.6.1.4.1.1466.115.121.1.40 refers to the Octet String syntax
[RFC4517].
Passwords are stored using an Octet String syntax and are not
encrypted. Transfer of cleartext passwords is strongly discouraged
where the underlying transport service cannot guarantee confidentiality
and may result in disclosure of the password to unauthorized parties.
An example of a need for multiple values in the 'userPassword' attribute
is an environment where every month the user is expected to use a
different password generated by some automated system. During
transitional periods, like the last and first day of the periods, it may
be necessary to allow two passwords for the two consecutive periods to
be valid in the system.
2) How are you changing the password?
3) If you are using Directory Studio, all I can offer is to try
their ldapmodify command line application:
https://directory.apache.org/apacheds/basic-ug/2.1.1-adding-entries.html
ldapmodify -h /serverIP/ -p /port#/ -D /adminAccount/ -w /password/ -a -f replace.ldif
Say the user's dn you are talking about is:
/dn: cn=test,cn=users,dc=acme,dc=com/
...create the following ldif file (replace.ldif):
/dn: cn=test,cn=users,dc=acme,dc=com/
changetype: modify
replace: userpassword
userpassword: /aNewValue/
The replace: action will replace all items in a multi-valued attribute
with the listed. In this case /aNewValue/.
Everything I've put in italics you have to use your own values and also
meet whatever password policy your user with the issue is controlled by.
That's all I have, sorry if it does not provide any assistance.
DL
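The difference between the replace: record above and a delete-one-value-then-add sequence, shown as an added example that is not part of the original message: it applies the LDAP modify rules (RFC 4511) to a constructed in-memory entry rather than a live server. The stored values oldValueA and oldValueB and the helper names parse_mods and apply_mods are assumptions made for illustration.

```python
def parse_mods(ldif):
    """Parse one 'changetype: modify' LDIF record into (op, attr, values) tuples.
    Assumption: plain 'attr: value' lines only (no base64 '::', no line folding)."""
    lines = [ln.strip() for ln in ldif.strip().splitlines() if ln.strip()]
    if len(lines) < 2 or lines[1].replace(" ", "").lower() != "changetype:modify":
        raise ValueError("expected 'dn:' followed by 'changetype: modify'")
    mods, current = [], None
    for line in lines[2:]:
        if line == "-":                      # separator between modifications
            current = None
            continue
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if current is None:                  # header such as 'replace: userpassword'
            if key not in ("add", "delete", "replace"):
                raise ValueError("unknown modification: " + key)
            current = (key, value.lower(), [])
            mods.append(current)
        elif key == current[1]:              # a value line for that attribute
            current[2].append(value)
        else:
            raise ValueError("unexpected attribute: " + key)
    return mods

def apply_mods(entry, mods):
    """Return a copy of entry (attribute -> list of values) with mods applied."""
    out = {a.lower(): list(v) for a, v in entry.items()}
    for op, attr, values in mods:
        have = out.get(attr, [])
        if op == "replace":                  # every existing value is dropped
            have = list(values)
        elif op == "add":
            if any(v in have for v in values):
                raise ValueError("attributeOrValueExists")
            have = have + values
        elif values:                         # delete: only the listed values go
            if any(v not in have for v in values):
                raise ValueError("noSuchAttribute")
            have = [v for v in have if v not in values]
        else:                                # delete without values: whole attribute
            have = []
        out[attr] = have
    return {a: v for a, v in out.items() if v}

ENTRY = {"userPassword": ["oldValueA", "oldValueB"]}   # constructed sample entry
HEAD = "dn: cn=test,cn=users,dc=acme,dc=com\nchangetype: modify\n"
REPLACE = HEAD + "replace: userpassword\nuserpassword: aNewValue\n"
DELETE_ADD = HEAD + "delete: userpassword\nuserpassword: oldValueB\n-\nadd: userpassword\nuserpassword: aNewValue\n"
print(apply_mods(ENTRY, parse_mods(REPLACE)))
print(apply_mods(ENTRY, parse_mods(DELETE_ADD)))
```

After the replace record the entry holds a single value; after the delete/add pair the value that was not named in the delete is still present alongside the new one.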
On 3/30/20 1:38 PM, Marius Pana wrote:
On 30 Mar 2020, at 15:55, Lohr, Donald wrote:
When you change passwords is the ldapmodify action doing an add or replace?
When I change the password it does an add. At least this is what I understand
from the following from the Modification Logs in Directory Studio:
delete: userPassword
userPassword::<snip>
=
-
add: userPassword:: <snip>
DL
On 3/30/20 8:17 AM, Marius Pana wrote:
Hello,
I'm not sure how I ended up here but I have a user with two userPassword
attributes. When verifying the user's password against those two entries, the
second one is OK while the first “fails”.
<Screenshot 2020-03-30 at 15.04.02.png>
I tried deleting the first one and Directory Studio quickly refreshes, the
attribute is gone for a second then pops right back up. I did not attempt to
delete the second because I am worried it would work and I am left with the
userPassword attribute which we cannot change as we do not know the initial
password.
I'm running:
CentOS Linux release 7.7.1908 (Core)
apacheds-2.0.0_M24-1.x86_64
Any ideas would be welcome.
Thanks,
Marius
This email may contain confidential information. If you are not the intended recipient please notify
the sender immediately. For details regarding our privacy policy, data protection (GDPR) and how we
manage personal information please view this link :
https://urldefense.proofpoint.com/v2/url?u=https-3A__spearhead.systems_privacy.html&d=DwIFaQ&c=eLbWYnpnzycBCgmb7vCI4uqNEB9RSjOdn_5nBEmmeq0&r=Pa2DB88IW_s2TyLfktHtWA&m=RO6ZY4eZlqiQDO05Kv1IrM2nMS71Vy5WsKEGx7Zquuo&s=zjm8aQPaXm06dmSYQdS0SI1RortTxJ2xHU-OwWHtZ-0&e=
--
Donald Lohr
Information Systems
James Madison University
540.568.3730