[Systems] Reset Expired LDAP Password

James Cameron quozl at laptop.org
Tue Sep 25 21:32:53 EDT 2018
Previous message (by thread): [Systems] Reset Expired LDAP Password
Next message (by thread): [Systems] Reset Expired LDAP Password
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Ibiam and I talked about this problem after the meeting today.

Our plan is for Ibiam to send me the password using GnuPG, and I'll
try ldappasswd after su.

Logs from sunjammer from this event;
http://dev.laptop.org/~quozl/z/1g4wNM.txt

On Tue, Sep 25, 2018 at 02:44:26PM +0100, Chihurumnaya Ibiam wrote:
> James no error from "ssh -v", it only shows connection was established
> and a warning that my password is expired and i should change it but
> typing my password only throws an incorrect password error.
> 
> --
> 
> Ibiam Chihurumnaya
> [1]ibiamchihurumnaya at gmail.com
> 
> On Tue, Sep 25, 2018 at 11:04 AM James Cameron <[2]quozl at laptop.org> wrote:
> 
>     Changing my password using [3]ldap.sugarlabs.org failed with; "Can't
>     modify LDAP information."
> 
>     Changing my password using ldappasswd from sunjammer shell prompt
>     seemed to work;
> 
>     quozl at sunjammer:~$ ldappasswd -H ldap://[4]127.0.0.1 -x -D "uid=quozl,ou=
>     People,dc=sugarlabs,dc=org" -W -A -S
>     Old password: <oldpassword>
>     Re-enter old password: <oldpassword>
>     New password: <newpassword>
>     Re-enter new password: <newpassword>
>     Enter LDAP Password: <oldpassword>
>     quozl at sunjammer:~$
> 
>     However shadowLastChange for me hasn't moved, so I'm not sure if it
>     really worked.  Password authentication isn't enabled for SSH anyway.
> 
>     Checking Ibiam's entry using ldapsearch;
> 
>     $ ldapsearch -x -LLL uid=ibiamchihurumnaya
>     dn: uid=ibiamchihurumnaya,ou=People,dc=sugarlabs,dc=org
>     uid: ibiamchihurumnaya
>     cn: Chihurumnaya Ibiam
>     sn: Ibiam
>     objectClass: person
>     objectClass: organizationalPerson
>     objectClass: inetOrgPerson
>     objectClass: posixAccount
>     objectClass: top
>     objectClass: shadowAccount
>     shadowMax: 365
>     shadowWarning: 14
>     uidNumber: 837
>     gidNumber: 837
>     homeDirectory: /home/ibiamchihurumnaya
>     gecos: Chihurumnaya Ibiam
>     displayName: Chihurumnaya Ibiam
>     givenName: Chihurumnaya
>     loginShell: /bin/bash
>     mail: [5]ibiamchihurumnaya at gmail.com
>     shadowLastChange: 17407 (29th August 2017)
> 
>     Current date is beyond shadowLastChange plus shadowMax plus
>     shadowWarning, so the account is probably inactive and disabled.
> 
>     Ibiam, is there some indication you have received to confirm that,
>     e.g. an "ssh -v" error?
> 
>     I've tried changing Ibiam's password as root, but it prompts me for
>     Ibiam's old password, which I don't know.
> 
>     sunjammer:~# ldappasswd -H ldap://[6]127.0.0.1 -x -D "uid=
>     ibiamchihurumnaya,ou=People,dc=sugarlabs,dc=org" -W -A -S
>     Old password:
> 
>     I've found a procedure for changing the RootDN password for OpenLDAP,
>     but if I did that I'd need a secure way to communicate it to other
>     system administrators.  It also looks hacky and prone to error, so I'm
>     not sure the procedure is correct.
> 
>     [7]https://www.digitalocean.com/community/tutorials/
>     how-to-change-account-passwords-on-an-openldap-server
> 
>     On Fri, Sep 21, 2018 at 02:35:07PM +0100, Chihurumnaya Ibiam wrote:
>     > Hi all,
>     >
>     > I recently complained about my sunjammer account as I haven't been able
>     to
>     > login because my password is expired and using [1][8]ldap.sugarlabs.org I
>     couldn't
>     > reset my password, and I've not been able to send emails from my @[2]
>     > [9]sugarlabs.org address and my emails to the lists I'm subscribed to at
>     [3]
>     > [10]lists.sugarlabs.org gets bounced.
>     >
>     > Bernie asked for my gpg key and I gave it to him and I haven't had a
>     reply
>     > since then, I've attached my gpg key here too. Thanks.
>     >
>     > --
>     >
>     > Ibiam Chihurumnaya
>     > [4][11]ibiamchihurumnaya at gmail.com
>     >
>     > References:
>     >
>     > [1] [12]http://ldap.sugarlabs.org/
>     > [2] [13]http://sugarlabs.org/
>     > [3] [14]http://lists.sugarlabs.org/
>     > [4] mailto:[15]ibiamchihurumnaya at gmail.com
> 
>     > -----BEGIN PGP PUBLIC KEY BLOCK-----
>     >
>     > mQENBFuSob0BCADJhL3D92fOo3dzZVL9ehjRTqkKjCsq5HF7h27tQ9TPZ0SKoNlA
>     > B5arj7Fpf5rWpXfCqvnqcddEtxyJgDNVw0mkqkrE8b5GEEVibAKE3P9JrdMIsXP+
>     > v0VcmAKmfAKl1azXEw4vTpMCc/wTpYyw5CtNRxXY9oPUnU8M+MpgjyJlDD35PRqM
>     > w/K4P5/VRKAy0NVBvVq9JW3B5+Qb32cWvXBvMYKquAdFAfWfSqtXm2xzpSgWtxDa
>     > 2E8EkNCH4b2ldHs0AQmFxxhIVw+/JOxv5rgmHgbMu4gT0gwirohSeoT4bGYJS0Xd
>     > Z5esS2ziXVS+3exgZUXnfag6jSf9gv7qk3QvABEBAAG0MEliaWFtIENoaWh1cnVt
>     > bmF5YSA8aWJpYW1jaGlodXJ1bW5heWFAZ21haWwuY29tPokBVAQTAQgAPhYhBD/x
>     > zRDG2poX3z2LMD9hLWt6sZnJBQJbkqG9AhsDBQkDwmcABQsJCAcCBhUKCQgLAgQW
>     > AgMBAh4BAheAAAoJED9hLWt6sZnJEI4H/iZX0QRyCE/FSK453dkEh6a9ZFp/f6YS
>     > iQkvXRzRg+zN7GUZ96GihPCxAhQTcowpV1+ggEn2Th+ciQmYuuZkt5aObnFmnwRU
>     > Nzz3W9REYyz/1CNFbqeDBTXuD+yXYx0M3QDkwdjvir5Yf7CfbOVGQL7/v7DjlgVP
>     > MPLqtOqJGHvsW3sMC+i9SAhhk0Rx9ZqCOJceQzy7hvZcBL7V28oIBcmsyayW5A5D
>     > KfeUqS4CIdiHg5J2YjCqywoxGFvvRu4QXdvd1OyUcjz7Y+a3HpQwbm6tGlDWNk4q
>     > wJ4Iat0UEZRRSkEJZC9aNUGruEysLrBZMx047oWRJZP54m/8ZtJhkyK5AQ0EW5Kh
>     > vQEIAM1Q43bDn6BzUqolL3JB4EmSbdx/7vwz5HVTJOeiKOQJZhDl1xY8FLIKJKF+
>     > rO0DMluV0ebJCJ3zT/ls96mkImlP9TwLpREJoawfKgIPeZxMYkzxZ/609bxUGXRn
>     > V38AxqccJqErqkyRhisiXxZx/9xeG8ID2F9S5bzhsb7iMTto94sJh/Gva//3qs6o
>     > 34VNYWf/aHlIR5cutgMBorEW9OCZdLSVy6GZeeNRx5PmVkxjrEYCgvqZZO5XpzOX
>     > 4qY5ZKSAIKvZKXpL0wVeFdg4L+HgyKyMbcyDqBSbQBbqolFphNHmBTsbDQHBdq5+
>     > Df8Y8ziEdt5ztUmxcDxYFjhfoFEAEQEAAYkBPAQYAQgAJhYhBD/xzRDG2poX3z2L
>     > MD9hLWt6sZnJBQJbkqG9AhsMBQkDwmcAAAoJED9hLWt6sZnJXtQIALA1jSIFDJP5
>     > 2eEv3LNMhXfT5DCTUbkYE/qFk+zQD3ZVF+uJWTRZDabYiMLRXwX9TFNVm4XWcqRB
>     > 71n5Sgsi2Osa10bCrEHYtdOW1rwBKVJtaxsGigDF/rIvah5N01h1/rfsg7eI+z6o
>     > pjD9mcMlDyonL7h+tYvUcr8ACxa0uzZZi3TaE1D/nuJ/XIJQFGX1bpoWYqp/41HX
>     > itHOirq9ZRLRpqRVeM13Pa3N7S9KQQr2K6XhLsfMSJXdO/QvLMQgqtSlqxnQ5k3k
>     > StUUjXVuF5EtZe+MSIrqAJRSgVeok6M8HdHkwDSGocTfR6VumJI+ys6dPREhQGiP
>     > JSeiVJ+oqNs=
>     > =lcIl
>     > -----END PGP PUBLIC KEY BLOCK-----
> 
>     --
>     James Cameron
>     [16]http://quozl.netrek.org/
> 
> References:
> 
> [1] mailto:ibiamchihurumnaya at gmail.com
> [2] mailto:quozl at laptop.org
> [3] http://ldap.sugarlabs.org/
> [4] http://127.0.0.1/
> [5] mailto:ibiamchihurumnaya at gmail.com
> [6] http://127.0.0.1/
> [7] https://www.digitalocean.com/community/tutorials/how-to-change-account-passwords-on-an-openldap-server
> [8] http://ldap.sugarlabs.org/
> [9] http://sugarlabs.org/
> [10] http://lists.sugarlabs.org/
> [11] mailto:ibiamchihurumnaya at gmail.com
> [12] http://ldap.sugarlabs.org/
> [13] http://sugarlabs.org/
> [14] http://lists.sugarlabs.org/
> [15] mailto:ibiamchihurumnaya at gmail.com
> [16] http://quozl.netrek.org/

> _______________________________________________
> Systems mailing list
> Systems at lists.sugarlabs.org
> http://lists.sugarlabs.org/listinfo/systems


-- 
James Cameron
http://quozl.netrek.org/
Previous message (by thread): [Systems] Reset Expired LDAP Password
Next message (by thread): [Systems] Reset Expired LDAP Password
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Systems mailing list