[Systems] Reset Expired LDAP Password

Chihurumnaya Ibiam ibiamchihurumnaya at gmail.com
Fri Sep 28 10:53:54 EDT 2018


Hi, this is the output from using the ldappasswd utility

$ ldappasswd -H ldap://127.0.0.1 -x -D
"uid=ibiamchihurumnaya,ou=People,dc=sugarlabs,dc=org" -W -A -S
Old password:
Re-enter old password:
New password:
Re-enter new password:
Enter LDAP Password:
ldap_bind: Invalid credentials (49)

I couldn't change it, what's should be the value of "Enter LDAP Password:
"? I used my old password as the value.

Using ldap.sugarlabs.org/passwd I still get the same error "Wrong username
or password."

-- 

Ibiam Chihurumnaya
ibiamchihurumnaya at gmail.com



On Fri, Sep 28, 2018 at 1:42 AM James Cameron <quozl at laptop.org> wrote:

> Ibiam has shell access to sunjammer again following my change to
> password and expiry period.
>
> Ibiam, please;
>
> - try using sunjammer shell ldappasswd to change your password,
>
> - try using ldap.sugarlabs.org to change your password,
>
> Let us know the results.
>
> On Thu, Sep 27, 2018 at 03:19:56PM +0100, Chihurumnaya Ibiam wrote:
> > Hi James,
> >
> > I get this error "Wrong username or password."
> >
> > --
> >
> > Ibiam Chihurumnaya
> > [1]ibiamchihurumnaya at gmail.com
> >
> > On Thu, Sep 27, 2018 at 6:39 AM James Cameron <[2]quozl at laptop.org>
> wrote:
> >
> >     Bernie, can I change the RootDN password?
> >
> >     Ibiam, what does [3]ldap.sugarlabs.org show you when you try to
> change
> >     your password?
> >
> >     --
> >
> >     Ibiam sent me his password, and it didn't work for me;
> >
> >     sunjammer:~# ldappasswd -H ldap://[4]127.0.0.1 -x -D "uid=
> >     ibiamchihurumnaya,ou=People,dc=sugarlabs,dc=org" -W -A -S
> >     Old password:
> >     Re-enter old password:
> >     New password:
> >     Re-enter new password:
> >     Enter LDAP Password:
> >     ldap_bind: Invalid credentials (49)
> >     49!sunjammer:~#
> >
> >     On [5]https://ldap.sugarlabs.org/passwd the response was "Wrong
> username
> >     or password.", which means @ldap_bind failed twice.
> >
> >     On Wed, Sep 26, 2018 at 11:32:53AM +1000, James Cameron wrote:
> >     > Ibiam and I talked about this problem after the meeting today.
> >     >
> >     > Our plan is for Ibiam to send me the password using GnuPG, and I'll
> >     > try ldappasswd after su.
> >     >
> >     > Logs from sunjammer from this event;
> >     > [6]http://dev.laptop.org/~quozl/z/1g4wNM.txt
> >     >
> >     > On Tue, Sep 25, 2018 at 02:44:26PM +0100, Chihurumnaya Ibiam wrote:
> >     > > James no error from "ssh -v", it only shows connection was
> established
> >     > > and a warning that my password is expired and i should change it
> but
> >     > > typing my password only throws an incorrect password error.
> >     > >
> >     > > --
> >     > >
> >     > > Ibiam Chihurumnaya
> >     > > [1][7]ibiamchihurumnaya at gmail.com
> >     > >
> >     > > On Tue, Sep 25, 2018 at 11:04 AM James Cameron <[2][8]
> quozl at laptop.org>
> >     wrote:
> >     > >
> >     > >     Changing my password using [3][9]ldap.sugarlabs.org failed
> with;
> >     "Can't
> >     > >     modify LDAP information."
> >     > >
> >     > >     Changing my password using ldappasswd from sunjammer shell
> prompt
> >     > >     seemed to work;
> >     > >
> >     > >     quozl at sunjammer:~$ ldappasswd -H ldap://[4]127.0.0.1 -x -D
> "uid=
> >     quozl,ou=
> >     > >     People,dc=sugarlabs,dc=org" -W -A -S
> >     > >     Old password: <oldpassword>
> >     > >     Re-enter old password: <oldpassword>
> >     > >     New password: <newpassword>
> >     > >     Re-enter new password: <newpassword>
> >     > >     Enter LDAP Password: <oldpassword>
> >     > >     quozl at sunjammer:~$
> >     > >
> >     > >     However shadowLastChange for me hasn't moved, so I'm not
> sure if it
> >     > >     really worked.  Password authentication isn't enabled for SSH
> >     anyway.
> >     > >
> >     > >     Checking Ibiam's entry using ldapsearch;
> >     > >
> >     > >     $ ldapsearch -x -LLL uid=ibiamchihurumnaya
> >     > >     dn: uid=ibiamchihurumnaya,ou=People,dc=sugarlabs,dc=org
> >     > >     uid: ibiamchihurumnaya
> >     > >     cn: Chihurumnaya Ibiam
> >     > >     sn: Ibiam
> >     > >     objectClass: person
> >     > >     objectClass: organizationalPerson
> >     > >     objectClass: inetOrgPerson
> >     > >     objectClass: posixAccount
> >     > >     objectClass: top
> >     > >     objectClass: shadowAccount
> >     > >     shadowMax: 365
> >     > >     shadowWarning: 14
> >     > >     uidNumber: 837
> >     > >     gidNumber: 837
> >     > >     homeDirectory: /home/ibiamchihurumnaya
> >     > >     gecos: Chihurumnaya Ibiam
> >     > >     displayName: Chihurumnaya Ibiam
> >     > >     givenName: Chihurumnaya
> >     > >     loginShell: /bin/bash
> >     > >     mail: [5][10]ibiamchihurumnaya at gmail.com
> >     > >     shadowLastChange: 17407 (29th August 2017)
> >     > >
> >     > >     Current date is beyond shadowLastChange plus shadowMax plus
> >     > >     shadowWarning, so the account is probably inactive and
> disabled.
> >     > >
> >     > >     Ibiam, is there some indication you have received to confirm
> that,
> >     > >     e.g. an "ssh -v" error?
> >     > >
> >     > >     I've tried changing Ibiam's password as root, but it prompts
> me for
> >     > >     Ibiam's old password, which I don't know.
> >     > >
> >     > >     sunjammer:~# ldappasswd -H ldap://[6]127.0.0.1 -x -D "uid=
> >     > >     ibiamchihurumnaya,ou=People,dc=sugarlabs,dc=org" -W -A -S
> >     > >     Old password:
> >     > >
> >     > >     I've found a procedure for changing the RootDN password for
> >     OpenLDAP,
> >     > >     but if I did that I'd need a secure way to communicate it to
> other
> >     > >     system administrators.  It also looks hacky and prone to
> error, so
> >     I'm
> >     > >     not sure the procedure is correct.
> >     > >
> >     > >     [7][11]https://www.digitalocean.com/community/tutorials/
> >     > >     how-to-change-account-passwords-on-an-openldap-server
> >     > >
> >     > >     On Fri, Sep 21, 2018 at 02:35:07PM +0100, Chihurumnaya Ibiam
> wrote:
> >     > >     > Hi all,
> >     > >     >
> >     > >     > I recently complained about my sunjammer account as I
> haven't
> >     been able
> >     > >     to
> >     > >     > login because my password is expired and using [1][8][12]
> >     ldap.sugarlabs.org I
> >     > >     couldn't
> >     > >     > reset my password, and I've not been able to send emails
> from my
> >     @[2]
> >     > >     > [9][13]sugarlabs.org address and my emails to the lists
> I'm
> >     subscribed to at
> >     > >     [3]
> >     > >     > [10][14]lists.sugarlabs.org gets bounced.
> >     > >     >
> >     > >     > Bernie asked for my gpg key and I gave it to him and I
> haven't
> >     had a
> >     > >     reply
> >     > >     > since then, I've attached my gpg key here too. Thanks.
> >     > >     >
> >     > >     > --
> >     > >     >
> >     > >     > Ibiam Chihurumnaya
> >     > >     > [4][11][15]ibiamchihurumnaya at gmail.com
> >     > >     >
> >     > >     > References:
> >     > >     >
> >     > >     > [1] [12][16]http://ldap.sugarlabs.org/
> >     > >     > [2] [13][17]http://sugarlabs.org/
> >     > >     > [3] [14][18]http://lists.sugarlabs.org/
> >     > >     > [4] mailto:[15][19]ibiamchihurumnaya at gmail.com
> >     > >
> >     > >     > -----BEGIN PGP PUBLIC KEY BLOCK-----
> >     > >     >
> >     > >     >
> mQENBFuSob0BCADJhL3D92fOo3dzZVL9ehjRTqkKjCsq5HF7h27tQ9TPZ0SKoNlA
> >     > >     >
> B5arj7Fpf5rWpXfCqvnqcddEtxyJgDNVw0mkqkrE8b5GEEVibAKE3P9JrdMIsXP+
> >     > >     >
> v0VcmAKmfAKl1azXEw4vTpMCc/wTpYyw5CtNRxXY9oPUnU8M+MpgjyJlDD35PRqM
> >     > >     >
> w/K4P5/VRKAy0NVBvVq9JW3B5+Qb32cWvXBvMYKquAdFAfWfSqtXm2xzpSgWtxDa
> >     > >     >
> 2E8EkNCH4b2ldHs0AQmFxxhIVw+/JOxv5rgmHgbMu4gT0gwirohSeoT4bGYJS0Xd
> >     > >     >
> Z5esS2ziXVS+3exgZUXnfag6jSf9gv7qk3QvABEBAAG0MEliaWFtIENoaWh1cnVt
> >     > >     >
> bmF5YSA8aWJpYW1jaGlodXJ1bW5heWFAZ21haWwuY29tPokBVAQTAQgAPhYhBD/x
> >     > >     >
> zRDG2poX3z2LMD9hLWt6sZnJBQJbkqG9AhsDBQkDwmcABQsJCAcCBhUKCQgLAgQW
> >     > >     >
> AgMBAh4BAheAAAoJED9hLWt6sZnJEI4H/iZX0QRyCE/FSK453dkEh6a9ZFp/f6YS
> >     > >     >
> iQkvXRzRg+zN7GUZ96GihPCxAhQTcowpV1+ggEn2Th+ciQmYuuZkt5aObnFmnwRU
> >     > >     >
> Nzz3W9REYyz/1CNFbqeDBTXuD+yXYx0M3QDkwdjvir5Yf7CfbOVGQL7/v7DjlgVP
> >     > >     >
> MPLqtOqJGHvsW3sMC+i9SAhhk0Rx9ZqCOJceQzy7hvZcBL7V28oIBcmsyayW5A5D
> >     > >     >
> KfeUqS4CIdiHg5J2YjCqywoxGFvvRu4QXdvd1OyUcjz7Y+a3HpQwbm6tGlDWNk4q
> >     > >     >
> wJ4Iat0UEZRRSkEJZC9aNUGruEysLrBZMx047oWRJZP54m/8ZtJhkyK5AQ0EW5Kh
> >     > >     >
> vQEIAM1Q43bDn6BzUqolL3JB4EmSbdx/7vwz5HVTJOeiKOQJZhDl1xY8FLIKJKF+
> >     > >     >
> rO0DMluV0ebJCJ3zT/ls96mkImlP9TwLpREJoawfKgIPeZxMYkzxZ/609bxUGXRn
> >     > >     >
> V38AxqccJqErqkyRhisiXxZx/9xeG8ID2F9S5bzhsb7iMTto94sJh/Gva//3qs6o
> >     > >     >
> 34VNYWf/aHlIR5cutgMBorEW9OCZdLSVy6GZeeNRx5PmVkxjrEYCgvqZZO5XpzOX
> >     > >     >
> 4qY5ZKSAIKvZKXpL0wVeFdg4L+HgyKyMbcyDqBSbQBbqolFphNHmBTsbDQHBdq5+
> >     > >     >
> Df8Y8ziEdt5ztUmxcDxYFjhfoFEAEQEAAYkBPAQYAQgAJhYhBD/xzRDG2poX3z2L
> >     > >     >
> MD9hLWt6sZnJBQJbkqG9AhsMBQkDwmcAAAoJED9hLWt6sZnJXtQIALA1jSIFDJP5
> >     > >     >
> 2eEv3LNMhXfT5DCTUbkYE/qFk+zQD3ZVF+uJWTRZDabYiMLRXwX9TFNVm4XWcqRB
> >     > >     >
> 71n5Sgsi2Osa10bCrEHYtdOW1rwBKVJtaxsGigDF/rIvah5N01h1/rfsg7eI+z6o
> >     > >     >
> pjD9mcMlDyonL7h+tYvUcr8ACxa0uzZZi3TaE1D/nuJ/XIJQFGX1bpoWYqp/41HX
> >     > >     >
> itHOirq9ZRLRpqRVeM13Pa3N7S9KQQr2K6XhLsfMSJXdO/QvLMQgqtSlqxnQ5k3k
> >     > >     >
> StUUjXVuF5EtZe+MSIrqAJRSgVeok6M8HdHkwDSGocTfR6VumJI+ys6dPREhQGiP
> >     > >     > JSeiVJ+oqNs=
> >     > >     > =lcIl
> >     > >     > -----END PGP PUBLIC KEY BLOCK-----
> >     > >
> >     > >     --
> >     > >     James Cameron
> >     > >     [16][20]http://quozl.netrek.org/
> >     > >
> >     > > References:
> >     > >
> >     > > [1] mailto:[21]ibiamchihurumnaya at gmail.com
> >     > > [2] mailto:[22]quozl at laptop.org
> >     > > [3] [23]http://ldap.sugarlabs.org/
> >     > > [4] [24]http://127.0.0.1/
> >     > > [5] mailto:[25]ibiamchihurumnaya at gmail.com
> >     > > [6] [26]http://127.0.0.1/
> >     > > [7] [27]https://www.digitalocean.com/community/tutorials/
> >     how-to-change-account-passwords-on-an-openldap-server
> >     > > [8] [28]http://ldap.sugarlabs.org/
> >     > > [9] [29]http://sugarlabs.org/
> >     > > [10] [30]http://lists.sugarlabs.org/
> >     > > [11] mailto:[31]ibiamchihurumnaya at gmail.com
> >     > > [12] [32]http://ldap.sugarlabs.org/
> >     > > [13] [33]http://sugarlabs.org/
> >     > > [14] [34]http://lists.sugarlabs.org/
> >     > > [15] mailto:[35]ibiamchihurumnaya at gmail.com
> >     > > [16] [36]http://quozl.netrek.org/
> >     >
> >     > > _______________________________________________
> >     > > Systems mailing list
> >     > > [37]Systems at lists.sugarlabs.org
> >     > > [38]http://lists.sugarlabs.org/listinfo/systems
> >     >
> >     >
> >     > --
> >     > James Cameron
> >     > [39]http://quozl.netrek.org/
> >
> >     --
> >     James Cameron
> >     [40]http://quozl.netrek.org/
> >
> > References:
> >
> > [1] mailto:ibiamchihurumnaya at gmail.com
> > [2] mailto:quozl at laptop.org
> > [3] http://ldap.sugarlabs.org/
> > [4] http://127.0.0.1/
> > [5] https://ldap.sugarlabs.org/passwd
> > [6] http://dev.laptop.org/~quozl/z/1g4wNM.txt
> > [7] mailto:ibiamchihurumnaya at gmail.com
> > [8] mailto:quozl at laptop.org
> > [9] http://ldap.sugarlabs.org/
> > [10] mailto:ibiamchihurumnaya at gmail.com
> > [11] https://www.digitalocean.com/community/tutorials/
> > [12] http://ldap.sugarlabs.org/
> > [13] http://sugarlabs.org/
> > [14] http://lists.sugarlabs.org/
> > [15] mailto:ibiamchihurumnaya at gmail.com
> > [16] http://ldap.sugarlabs.org/
> > [17] http://sugarlabs.org/
> > [18] http://lists.sugarlabs.org/
> > [19] mailto:ibiamchihurumnaya at gmail.com
> > [20] http://quozl.netrek.org/
> > [21] mailto:ibiamchihurumnaya at gmail.com
> > [22] mailto:quozl at laptop.org
> > [23] http://ldap.sugarlabs.org/
> > [24] http://127.0.0.1/
> > [25] mailto:ibiamchihurumnaya at gmail.com
> > [26] http://127.0.0.1/
> > [27]
> https://www.digitalocean.com/community/tutorials/how-to-change-account-passwords-on-an-openldap-server
> > [28] http://ldap.sugarlabs.org/
> > [29] http://sugarlabs.org/
> > [30] http://lists.sugarlabs.org/
> > [31] mailto:ibiamchihurumnaya at gmail.com
> > [32] http://ldap.sugarlabs.org/
> > [33] http://sugarlabs.org/
> > [34] http://lists.sugarlabs.org/
> > [35] mailto:ibiamchihurumnaya at gmail.com
> > [36] http://quozl.netrek.org/
> > [37] mailto:Systems at lists.sugarlabs.org
> > [38] http://lists.sugarlabs.org/listinfo/systems
> > [39] http://quozl.netrek.org/
> > [40] http://quozl.netrek.org/
>
> --
> James Cameron
> http://quozl.netrek.org/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sugarlabs.org/archive/systems/attachments/20180928/7f4b034a/attachment.html>


More information about the Systems mailing list