[389-users] Reset Password as Root if User Forgets Password

Paul Robert Marino prmarino1 at gmail.com
Wed Jan 22 20:26:04 UTC 2014 

your SSL cert or your DNS is bad. TLS requires full forward and revers
lookup of the C name for the host to match one of the host names in
the SSL cert.



On Wed, Jan 22, 2014 at 3:08 PM, Chaudhari, Rohit K.
<Rohit.Chaudhari at jhuapl.edu> wrote:
> I'm not using kerberos.  The other suggestion about using ldappasswd led
> to the error:
>
> ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
> Additional info: TLS: hostname does not match CN in peer certificate
>
> Is there a way to create a JNDI equivalent command so that I could add a
> checkbox to a Java GUI that basically toggles the "force password change
> after reset" checkbox built into the password policy in 389?
>
> On 1/22/14 10:49 AM, "Paul Robert Marino" <prmarino1 at gmail.com> wrote:
>
>>sorry thats not possible.
>>If you are using Kerberos then you can do it via the kadmin command.
>>If not then you have to use one of several other tools like the admin
>>console or ldapmodify for example.
>>
>>
>>On Wed, Jan 22, 2014 at 9:06 AM, Chaudhari, Rohit K.
>><Rohit.Chaudhari at jhuapl.edu> wrote:
>>> Hello,
>>>
>>> I need to be able to reset a LDAP user's password if they forget it
>>>with the
>>> user root.  But when I try the "passwd" command as root for a LDAP
>>>user,  I
>>> get the following:
>>>
>>> (as root)
>>> passwd tuser
>>> Changing password for user tuser.
>>> Password reset by root is not supported.
>>> passwd: Authentication token manipulation error.
>>>
>>> I am using sssd as the LDAP authentication mechanism tool, to be
>>>specific.
>>> Does anyone have a solution to dealing with this issue of resetting a
>>>LDAP
>>> user's password if they forgot it?
>>>
>>> Thanks,
>>>
>>> Rohit
>>>
>>> From: <Chaudhari>, "Rohit K. Chaudhari" <rohit.chaudhari at jhuapl.edu>
>>> Date: Tuesday, January 21, 2014 3:29 PM
>>> To: "General discussion list for the 389 Directory server project."
>>> <389-users at lists.fedoraproject.org>
>>> Subject: using passwd with 389
>>>
>>> Hello,
>>>
>>> I want to be able to use the Unix "passwd" command to reset a LDAP
>>>user's
>>> password from the command line.  However, I keep getting an
>>>authentication
>>> token manipulation error whenever I try to reset the password using that
>>> command.  What do I need to do in the 389 DS or on Unix in order to get
>>>this
>>> command to work?
>>>
>>> Thanks,
>>>
>>> Rohit
>>>
>>> --
>>> 389 users mailing list
>>> 389-users at lists.fedoraproject.org
>>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>--
>>389 users mailing list
>>389-users at lists.fedoraproject.org
>>https://admin.fedoraproject.org/mailman/listinfo/389-users
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users

More information about the 389-users mailing list