[Systems] Reset Expired LDAP Password

James Cameron quozl at laptop.org
Thu Sep 27 01:39:44 EDT 2018


Bernie, can I change the RootDN password?

Ibiam, what does ldap.sugarlabs.org show you when you try to change
your password?

--

Ibiam sent me his password, and it didn't work for me;

sunjammer:~# ldappasswd -H ldap://127.0.0.1 -x -D "uid=ibiamchihurumnaya,ou=People,dc=sugarlabs,dc=org" -W -A -S
Old password: 
Re-enter old password: 
New password: 
Re-enter new password: 
Enter LDAP Password: 
ldap_bind: Invalid credentials (49)
49!sunjammer:~#

On https://ldap.sugarlabs.org/passwd the response was "Wrong username
or password.", which means @ldap_bind failed twice.

On Wed, Sep 26, 2018 at 11:32:53AM +1000, James Cameron wrote:
> Ibiam and I talked about this problem after the meeting today.
> 
> Our plan is for Ibiam to send me the password using GnuPG, and I'll
> try ldappasswd after su.
> 
> Logs from sunjammer from this event;
> http://dev.laptop.org/~quozl/z/1g4wNM.txt
> 
> On Tue, Sep 25, 2018 at 02:44:26PM +0100, Chihurumnaya Ibiam wrote:
> > James, no error from "ssh -v", it only shows connection was established
> > and a warning that my password is expired and I should change it, but
> > typing my password only throws an incorrect password error.
> > 
> > --
> > 
> > Ibiam Chihurumnaya
> > [1]ibiamchihurumnaya at gmail.com
> > 
> > On Tue, Sep 25, 2018 at 11:04 AM James Cameron <[2]quozl at laptop.org> wrote:
> > 
> >     Changing my password using [3]ldap.sugarlabs.org failed with; "Can't
> >     modify LDAP information."
> > 
> >     Changing my password using ldappasswd from sunjammer shell prompt
> >     seemed to work;
> > 
> >     quozl@sunjammer:~$ ldappasswd -H ldap://127.0.0.1 -x -D "uid=quozl,ou=People,dc=sugarlabs,dc=org" -W -A -S
> >     Old password: <oldpassword>
> >     Re-enter old password: <oldpassword>
> >     New password: <newpassword>
> >     Re-enter new password: <newpassword>
> >     Enter LDAP Password: <oldpassword>
> >     quozl@sunjammer:~$
> > 
> >     However shadowLastChange for me hasn't moved, so I'm not sure if it
> >     really worked.  Password authentication isn't enabled for SSH anyway.
> > 
> >     Checking Ibiam's entry using ldapsearch;
> > 
> >     $ ldapsearch -x -LLL uid=ibiamchihurumnaya
> >     dn: uid=ibiamchihurumnaya,ou=People,dc=sugarlabs,dc=org
> >     uid: ibiamchihurumnaya
> >     cn: Chihurumnaya Ibiam
> >     sn: Ibiam
> >     objectClass: person
> >     objectClass: organizationalPerson
> >     objectClass: inetOrgPerson
> >     objectClass: posixAccount
> >     objectClass: top
> >     objectClass: shadowAccount
> >     shadowMax: 365
> >     shadowWarning: 14
> >     uidNumber: 837
> >     gidNumber: 837
> >     homeDirectory: /home/ibiamchihurumnaya
> >     gecos: Chihurumnaya Ibiam
> >     displayName: Chihurumnaya Ibiam
> >     givenName: Chihurumnaya
> >     loginShell: /bin/bash
> >     mail: [5]ibiamchihurumnaya at gmail.com
> >     shadowLastChange: 17407 (29th August 2017)
> > 
> >     Current date is beyond shadowLastChange plus shadowMax plus
> >     shadowWarning, so the account is probably inactive and disabled.
> > 
> >     Ibiam, is there some indication you have received to confirm that,
> >     e.g. an "ssh -v" error?
> > 
> >     I've tried changing Ibiam's password as root, but it prompts me for
> >     Ibiam's old password, which I don't know.
> > 
> >     sunjammer:~# ldappasswd -H ldap://127.0.0.1 -x -D "uid=ibiamchihurumnaya,ou=People,dc=sugarlabs,dc=org" -W -A -S
> >     Old password:
> > 
> >     I've found a procedure for changing the RootDN password for OpenLDAP,
> >     but if I did that I'd need a secure way to communicate it to other
> >     system administrators.  It also looks hacky and prone to error, so I'm
> >     not sure the procedure is correct.
> > 
> >     [7]https://www.digitalocean.com/community/tutorials/how-to-change-account-passwords-on-an-openldap-server
> > 
> >     On Fri, Sep 21, 2018 at 02:35:07PM +0100, Chihurumnaya Ibiam wrote:
> >     > Hi all,
> >     >
> >     > I recently complained about my sunjammer account as I haven't been able to
> >     > log in because my password is expired and using [1][8]ldap.sugarlabs.org I couldn't
> >     > reset my password, and I've not been able to send emails from my @[2][9]sugarlabs.org
> >     > address and my emails to the lists I'm subscribed to at [3][10]lists.sugarlabs.org
> >     > get bounced.
> >     >
> >     > Bernie asked for my gpg key and I gave it to him and I haven't had a reply
> >     > since then, I've attached my gpg key here too. Thanks.
> >     >
> >     > --
> >     >
> >     > Ibiam Chihurumnaya
> >     > [4][11]ibiamchihurumnaya at gmail.com
> >     >
> >     > References:
> >     >
> >     > [1] [12]http://ldap.sugarlabs.org/
> >     > [2] [13]http://sugarlabs.org/
> >     > [3] [14]http://lists.sugarlabs.org/
> >     > [4] mailto:[15]ibiamchihurumnaya at gmail.com
> > 
> > 
> >     --
> >     James Cameron
> >     [16]http://quozl.netrek.org/
> > 
> > References:
> > 
> > [1] mailto:ibiamchihurumnaya at gmail.com
> > [2] mailto:quozl at laptop.org
> > [3] http://ldap.sugarlabs.org/
> > [4] http://127.0.0.1/
> > [5] mailto:ibiamchihurumnaya at gmail.com
> > [6] http://127.0.0.1/
> > [7] https://www.digitalocean.com/community/tutorials/how-to-change-account-passwords-on-an-openldap-server
> > [8] http://ldap.sugarlabs.org/
> > [9] http://sugarlabs.org/
> > [10] http://lists.sugarlabs.org/
> > [11] mailto:ibiamchihurumnaya at gmail.com
> > [12] http://ldap.sugarlabs.org/
> > [13] http://sugarlabs.org/
> > [14] http://lists.sugarlabs.org/
> > [15] mailto:ibiamchihurumnaya at gmail.com
> > [16] http://quozl.netrek.org/
> 
> 
> 
> -- 
> James Cameron
> http://quozl.netrek.org/

-- 
James Cameron
http://quozl.netrek.org/
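
Added example, not part of the original thread: the password-age arithmetic behind the quoted ldapsearch output, computed in Python using the shadow(5) field meanings (days since 1970-01-01). The function names, the status labels and the as-of date (the date of this message) are assumptions made for illustration.

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)  # shadow* attributes count days since this date

# Constructed sample: shadow-related lines from the ldapsearch output quoted above.
SAMPLE_LDIF = """\
dn: uid=ibiamchihurumnaya,ou=People,dc=sugarlabs,dc=org
objectClass: shadowAccount
shadowMax: 365
shadowWarning: 14
shadowLastChange: 17407 (29th August 2017)
"""


def parse_shadow_attrs(ldif):
    """Collect integer shadow* attributes, ignoring trailing annotations."""
    attrs = {}
    for line in ldif.splitlines():
        name, sep, value = line.partition(":")
        token = value.split()[0] if value.split() else ""
        if sep and name.startswith("shadow") and token.lstrip("-").isdigit():
            attrs[name] = int(token)
    return attrs


def password_status(attrs, today):
    """Classify password age the way the shadow(5) fields are defined."""
    last, max_age = attrs.get("shadowLastChange"), attrs.get("shadowMax")
    if last == 0:
        return {"state": "must-change"}  # change forced at next login
    if last is None or max_age is None or max_age < 0:
        return {"state": "no-expiry"}
    now = (today - EPOCH).days
    expiry = last + max_age
    result = {
        "changed": EPOCH + timedelta(days=last),
        "expires": EPOCH + timedelta(days=expiry),
        "days_overdue": max(0, now - expiry),
    }
    inactive = attrs.get("shadowInactive")
    if inactive is not None and inactive >= 0 and now > expiry + inactive:
        result["state"] = "inactive"  # grace period after expiry is over
    elif now > expiry:
        result["state"] = "expired"
    elif now > expiry - attrs.get("shadowWarning", 0):
        result["state"] = "warning"
    else:
        result["state"] = "ok"
    return result


if __name__ == "__main__":
    print(password_status(parse_shadow_attrs(SAMPLE_LDIF), date(2018, 9, 27)))
```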

