[Systems] Reset Expired LDAP Password
Samuel Cantero
scanterog at gmail.com
Tue Nov 26 11:34:24 EST 2019
Ibiam, I would assume somehow you're confused and you do not have your
password correctly. I can try to reset it for you though. I'm not at home
right now and I'm only have my work laptop with me (which does not have my
SL keys). I will ping you later!
On Tue, Nov 26, 2019 at 4:26 PM Chihurumnaya Ibiam <
ibiamchihurumnaya at gmail.com> wrote:
> It's not working for me and I've also tried running
>
> ldappasswd -H ldap://127.0.0.1 -x -D
> "uid=ibiamchihurumnaya,ou=People,dc=sugarlabs,dc=org" -W -A -S
>
> after entering the necessary fields I get this error,
>
> ldap_bind: Invalid credentials (49).
>
> I'm sure of both passwords.
>
> --
>
> Ibiam Chihurumnaya
> ibiamchihurumnaya at gmail.com
>
>
>
> On Tue, Nov 26, 2019 at 4:57 PM Bernie Innocenti <bernie at codewiz.org>
> wrote:
>
>> For the record, my shell account on sunjammer expired today. I went to
>> the web form (https://ldap.sugarlabs.org/passwd) and I was able to
>> change my password normally.
>>
>> If it's not working for other users, they might be doing something
>> differently, or their accounts are not setup the same way as mine.
>>
>> On 29/09/2018 01.01, Bernie Innocenti wrote:
>> > Sorry for jumping into after the end of the show...
>> >
>> > Yes, ldap has always been hellish to configure and admin. We used it
>> early on, when we wanted to share accounts across our servers. But now
>> sunjammer is the only server left with ldap, and we could get rid of it if
>> someone writes a script to migrate the users.
>> >
>> >
>> > On September 28, 2018 12:42:01 AM UTC, James Cameron <quozl at laptop.org>
>> wrote:
>> >> Ibiam has shell access to sunjammer again following my change to
>> >> password and expiry period.
>> >>
>> >> Ibiam, please;
>> >>
>> >> - try using sunjammer shell ldappasswd to change your password,
>> >>
>> >> - try using ldap.sugarlabs.org to change your password,
>> >>
>> >> Let us know the results.
>> >>
>> >> On Thu, Sep 27, 2018 at 03:19:56PM +0100, Chihurumnaya Ibiam wrote:
>> >>> Hi James,
>> >>>
>> >>> I get this error "Wrong username or password."
>> >>>
>> >>> --
>> >>>
>> >>> Ibiam Chihurumnaya
>> >>> [1]ibiamchihurumnaya at gmail.com
>> >>>
>> >>> On Thu, Sep 27, 2018 at 6:39 AM James Cameron <[2]quozl at laptop.org>
>> >> wrote:
>> >>>
>> >>> Bernie, can I change the RootDN password?
>> >>>
>> >>> Ibiam, what does [3]ldap.sugarlabs.org show you when you try to
>> >> change
>> >>> your password?
>> >>>
>> >>> --
>> >>>
>> >>> Ibiam sent me his password, and it didn't work for me;
>> >>>
>> >>> sunjammer:~# ldappasswd -H ldap://[4]127.0.0.1 -x -D "uid=
>> >>> ibiamchihurumnaya,ou=People,dc=sugarlabs,dc=org" -W -A -S
>> >>> Old password:
>> >>> Re-enter old password:
>> >>> New password:
>> >>> Re-enter new password:
>> >>> Enter LDAP Password:
>> >>> ldap_bind: Invalid credentials (49)
>> >>> 49!sunjammer:~#
>> >>>
>> >>> On [5]https://ldap.sugarlabs.org/passwd the response was "Wrong
>> >> username
>> >>> or password.", which means @ldap_bind failed twice.
>> >>>
>> >>> On Wed, Sep 26, 2018 at 11:32:53AM +1000, James Cameron wrote:
>> >>> > Ibiam and I talked about this problem after the meeting today.
>> >>> >
>> >>> > Our plan is for Ibiam to send me the password using GnuPG, and
>> >> I'll
>> >>> > try ldappasswd after su.
>> >>> >
>> >>> > Logs from sunjammer from this event;
>> >>> > [6]http://dev.laptop.org/~quozl/z/1g4wNM.txt
>> >>> >
>> >>> > On Tue, Sep 25, 2018 at 02:44:26PM +0100, Chihurumnaya Ibiam
>> >> wrote:
>> >>> > > James no error from "ssh -v", it only shows connection was
>> >> established
>> >>> > > and a warning that my password is expired and i should change
>> >> it but
>> >>> > > typing my password only throws an incorrect password error.
>> >>> > >
>> >>> > > --
>> >>> > >
>> >>> > > Ibiam Chihurumnaya
>> >>> > > [1][7]ibiamchihurumnaya at gmail.com
>> >>> > >
>> >>> > > On Tue, Sep 25, 2018 at 11:04 AM James Cameron
>> >> <[2][8]quozl at laptop.org>
>> >>> wrote:
>> >>> > >
>> >>> > > Changing my password using [3][9]ldap.sugarlabs.org
>> >> failed with;
>> >>> "Can't
>> >>> > > modify LDAP information."
>> >>> > >
>> >>> > > Changing my password using ldappasswd from sunjammer
>> >> shell prompt
>> >>> > > seemed to work;
>> >>> > >
>> >>> > > quozl at sunjammer:~$ ldappasswd -H ldap://[4]127.0.0.1 -x
>> >> -D "uid=
>> >>> quozl,ou=
>> >>> > > People,dc=sugarlabs,dc=org" -W -A -S
>> >>> > > Old password: <oldpassword>
>> >>> > > Re-enter old password: <oldpassword>
>> >>> > > New password: <newpassword>
>> >>> > > Re-enter new password: <newpassword>
>> >>> > > Enter LDAP Password: <oldpassword>
>> >>> > > quozl at sunjammer:~$
>> >>> > >
>> >>> > > However shadowLastChange for me hasn't moved, so I'm not
>> >> sure if it
>> >>> > > really worked. Password authentication isn't enabled for
>> >> SSH
>> >>> anyway.
>> >>> > >
>> >>> > > Checking Ibiam's entry using ldapsearch;
>> >>> > >
>> >>> > > $ ldapsearch -x -LLL uid=ibiamchihurumnaya
>> >>> > > dn: uid=ibiamchihurumnaya,ou=People,dc=sugarlabs,dc=org
>> >>> > > uid: ibiamchihurumnaya
>> >>> > > cn: Chihurumnaya Ibiam
>> >>> > > sn: Ibiam
>> >>> > > objectClass: person
>> >>> > > objectClass: organizationalPerson
>> >>> > > objectClass: inetOrgPerson
>> >>> > > objectClass: posixAccount
>> >>> > > objectClass: top
>> >>> > > objectClass: shadowAccount
>> >>> > > shadowMax: 365
>> >>> > > shadowWarning: 14
>> >>> > > uidNumber: 837
>> >>> > > gidNumber: 837
>> >>> > > homeDirectory: /home/ibiamchihurumnaya
>> >>> > > gecos: Chihurumnaya Ibiam
>> >>> > > displayName: Chihurumnaya Ibiam
>> >>> > > givenName: Chihurumnaya
>> >>> > > loginShell: /bin/bash
>> >>> > > mail: [5][10]ibiamchihurumnaya at gmail.com
>> >>> > > shadowLastChange: 17407 (29th August 2017)
>> >>> > >
>> >>> > > Current date is beyond shadowLastChange plus shadowMax
>> >> plus
>> >>> > > shadowWarning, so the account is probably inactive and
>> >> disabled.
>> >>> > >
>> >>> > > Ibiam, is there some indication you have received to
>> >> confirm that,
>> >>> > > e.g. an "ssh -v" error?
>> >>> > >
>> >>> > > I've tried changing Ibiam's password as root, but it
>> >> prompts me for
>> >>> > > Ibiam's old password, which I don't know.
>> >>> > >
>> >>> > > sunjammer:~# ldappasswd -H ldap://[6]127.0.0.1 -x -D
>> >> "uid=
>> >>> > > ibiamchihurumnaya,ou=People,dc=sugarlabs,dc=org" -W -A -S
>> >>> > > Old password:
>> >>> > >
>> >>> > > I've found a procedure for changing the RootDN password
>> >> for
>> >>> OpenLDAP,
>> >>> > > but if I did that I'd need a secure way to communicate it
>> >> to other
>> >>> > > system administrators. It also looks hacky and prone to
>> >> error, so
>> >>> I'm
>> >>> > > not sure the procedure is correct.
>> >>> > >
>> >>> > > [7][11]https://www.digitalocean.com/community/tutorials/
>> >>> > > how-to-change-account-passwords-on-an-openldap-server
>> >>> > >
>> >>> > > On Fri, Sep 21, 2018 at 02:35:07PM +0100, Chihurumnaya
>> >> Ibiam wrote:
>> >>> > > > Hi all,
>> >>> > > >
>> >>> > > > I recently complained about my sunjammer account as I
>> >> haven't
>> >>> been able
>> >>> > > to
>> >>> > > > login because my password is expired and using
>> >> [1][8][12]
>> >>> ldap.sugarlabs.org I
>> >>> > > couldn't
>> >>> > > > reset my password, and I've not been able to send
>> >> emails from my
>> >>> @[2]
>> >>> > > > [9][13]sugarlabs.org address and my emails to the
>> lists
>> >> I'm
>> >>> subscribed to at
>> >>> > > [3]
>> >>> > > > [10][14]lists.sugarlabs.org gets bounced.
>> >>> > > >
>> >>> > > > Bernie asked for my gpg key and I gave it to him and I
>> >> haven't
>> >>> had a
>> >>> > > reply
>> >>> > > > since then, I've attached my gpg key here too. Thanks.
>> >>> > > >
>> >>> > > > --
>> >>> > > >
>> >>> > > > Ibiam Chihurumnaya
>> >>> > > > [4][11][15]ibiamchihurumnaya at gmail.com
>> >>> > > >
>> >>> > > > References:
>> >>> > > >
>> >>> > > > [1] [12][16]http://ldap.sugarlabs.org/
>> >>> > > > [2] [13][17]http://sugarlabs.org/
>> >>> > > > [3] [14][18]http://lists.sugarlabs.org/
>> >>> > > > [4] mailto:[15][19]ibiamchihurumnaya at gmail.com
>> >>> > >
>> >>> > > > -----BEGIN PGP PUBLIC KEY BLOCK-----
>> >>> > > >
>> >>> > > >
>> >> mQENBFuSob0BCADJhL3D92fOo3dzZVL9ehjRTqkKjCsq5HF7h27tQ9TPZ0SKoNlA
>> >>> > > >
>> >> B5arj7Fpf5rWpXfCqvnqcddEtxyJgDNVw0mkqkrE8b5GEEVibAKE3P9JrdMIsXP+
>> >>> > > >
>> >> v0VcmAKmfAKl1azXEw4vTpMCc/wTpYyw5CtNRxXY9oPUnU8M+MpgjyJlDD35PRqM
>> >>> > > >
>> >> w/K4P5/VRKAy0NVBvVq9JW3B5+Qb32cWvXBvMYKquAdFAfWfSqtXm2xzpSgWtxDa
>> >>> > > >
>> >> 2E8EkNCH4b2ldHs0AQmFxxhIVw+/JOxv5rgmHgbMu4gT0gwirohSeoT4bGYJS0Xd
>> >>> > > >
>> >> Z5esS2ziXVS+3exgZUXnfag6jSf9gv7qk3QvABEBAAG0MEliaWFtIENoaWh1cnVt
>> >>> > > >
>> >> bmF5YSA8aWJpYW1jaGlodXJ1bW5heWFAZ21haWwuY29tPokBVAQTAQgAPhYhBD/x
>> >>> > > >
>> >> zRDG2poX3z2LMD9hLWt6sZnJBQJbkqG9AhsDBQkDwmcABQsJCAcCBhUKCQgLAgQW
>> >>> > > >
>> >> AgMBAh4BAheAAAoJED9hLWt6sZnJEI4H/iZX0QRyCE/FSK453dkEh6a9ZFp/f6YS
>> >>> > > >
>> >> iQkvXRzRg+zN7GUZ96GihPCxAhQTcowpV1+ggEn2Th+ciQmYuuZkt5aObnFmnwRU
>> >>> > > >
>> >> Nzz3W9REYyz/1CNFbqeDBTXuD+yXYx0M3QDkwdjvir5Yf7CfbOVGQL7/v7DjlgVP
>> >>> > > >
>> >> MPLqtOqJGHvsW3sMC+i9SAhhk0Rx9ZqCOJceQzy7hvZcBL7V28oIBcmsyayW5A5D
>> >>> > > >
>> >> KfeUqS4CIdiHg5J2YjCqywoxGFvvRu4QXdvd1OyUcjz7Y+a3HpQwbm6tGlDWNk4q
>> >>> > > >
>> >> wJ4Iat0UEZRRSkEJZC9aNUGruEysLrBZMx047oWRJZP54m/8ZtJhkyK5AQ0EW5Kh
>> >>> > > >
>> >> vQEIAM1Q43bDn6BzUqolL3JB4EmSbdx/7vwz5HVTJOeiKOQJZhDl1xY8FLIKJKF+
>> >>> > > >
>> >> rO0DMluV0ebJCJ3zT/ls96mkImlP9TwLpREJoawfKgIPeZxMYkzxZ/609bxUGXRn
>> >>> > > >
>> >> V38AxqccJqErqkyRhisiXxZx/9xeG8ID2F9S5bzhsb7iMTto94sJh/Gva//3qs6o
>> >>> > > >
>> >> 34VNYWf/aHlIR5cutgMBorEW9OCZdLSVy6GZeeNRx5PmVkxjrEYCgvqZZO5XpzOX
>> >>> > > >
>> >> 4qY5ZKSAIKvZKXpL0wVeFdg4L+HgyKyMbcyDqBSbQBbqolFphNHmBTsbDQHBdq5+
>> >>> > > >
>> >> Df8Y8ziEdt5ztUmxcDxYFjhfoFEAEQEAAYkBPAQYAQgAJhYhBD/xzRDG2poX3z2L
>> >>> > > >
>> >> MD9hLWt6sZnJBQJbkqG9AhsMBQkDwmcAAAoJED9hLWt6sZnJXtQIALA1jSIFDJP5
>> >>> > > >
>> >> 2eEv3LNMhXfT5DCTUbkYE/qFk+zQD3ZVF+uJWTRZDabYiMLRXwX9TFNVm4XWcqRB
>> >>> > > >
>> >> 71n5Sgsi2Osa10bCrEHYtdOW1rwBKVJtaxsGigDF/rIvah5N01h1/rfsg7eI+z6o
>> >>> > > >
>> >> pjD9mcMlDyonL7h+tYvUcr8ACxa0uzZZi3TaE1D/nuJ/XIJQFGX1bpoWYqp/41HX
>> >>> > > >
>> >> itHOirq9ZRLRpqRVeM13Pa3N7S9KQQr2K6XhLsfMSJXdO/QvLMQgqtSlqxnQ5k3k
>> >>> > > >
>> >> StUUjXVuF5EtZe+MSIrqAJRSgVeok6M8HdHkwDSGocTfR6VumJI+ys6dPREhQGiP
>> >>> > > > JSeiVJ+oqNs=
>> >>> > > > =lcIl
>> >>> > > > -----END PGP PUBLIC KEY BLOCK-----
>> >>> > >
>> >>> > > --
>> >>> > > James Cameron
>> >>> > > [16][20]http://quozl.netrek.org/
>> >>> > >
>> >>> > > References:
>> >>> > >
>> >>> > > [1] mailto:[21]ibiamchihurumnaya at gmail.com
>> >>> > > [2] mailto:[22]quozl at laptop.org
>> >>> > > [3] [23]http://ldap.sugarlabs.org/
>> >>> > > [4] [24]http://127.0.0.1/
>> >>> > > [5] mailto:[25]ibiamchihurumnaya at gmail.com
>> >>> > > [6] [26]http://127.0.0.1/
>> >>> > > [7] [27]https://www.digitalocean.com/community/tutorials/
>> >>> how-to-change-account-passwords-on-an-openldap-server
>> >>> > > [8] [28]http://ldap.sugarlabs.org/
>> >>> > > [9] [29]http://sugarlabs.org/
>> >>> > > [10] [30]http://lists.sugarlabs.org/
>> >>> > > [11] mailto:[31]ibiamchihurumnaya at gmail.com
>> >>> > > [12] [32]http://ldap.sugarlabs.org/
>> >>> > > [13] [33]http://sugarlabs.org/
>> >>> > > [14] [34]http://lists.sugarlabs.org/
>> >>> > > [15] mailto:[35]ibiamchihurumnaya at gmail.com
>> >>> > > [16] [36]http://quozl.netrek.org/
>> >>> >
>> >>> > > _______________________________________________
>> >>> > > Systems mailing list
>> >>> > > [37]Systems at lists.sugarlabs.org
>> >>> > > [38]http://lists.sugarlabs.org/listinfo/systems
>> >>> >
>> >>> >
>> >>> > --
>> >>> > James Cameron
>> >>> > [39]http://quozl.netrek.org/
>> >>>
>> >>> --
>> >>> James Cameron
>> >>> [40]http://quozl.netrek.org/
>> >>>
>> >>> References:
>> >>>
>> >>> [1] mailto:ibiamchihurumnaya at gmail.com
>> >>> [2] mailto:quozl at laptop.org
>> >>> [3] http://ldap.sugarlabs.org/
>> >>> [4] http://127.0.0.1/
>> >>> [5] https://ldap.sugarlabs.org/passwd
>> >>> [6] http://dev.laptop.org/~quozl/z/1g4wNM.txt
>> >>> [7] mailto:ibiamchihurumnaya at gmail.com
>> >>> [8] mailto:quozl at laptop.org
>> >>> [9] http://ldap.sugarlabs.org/
>> >>> [10] mailto:ibiamchihurumnaya at gmail.com
>> >>> [11] https://www.digitalocean.com/community/tutorials/
>> >>> [12] http://ldap.sugarlabs.org/
>> >>> [13] http://sugarlabs.org/
>> >>> [14] http://lists.sugarlabs.org/
>> >>> [15] mailto:ibiamchihurumnaya at gmail.com
>> >>> [16] http://ldap.sugarlabs.org/
>> >>> [17] http://sugarlabs.org/
>> >>> [18] http://lists.sugarlabs.org/
>> >>> [19] mailto:ibiamchihurumnaya at gmail.com
>> >>> [20] http://quozl.netrek.org/
>> >>> [21] mailto:ibiamchihurumnaya at gmail.com
>> >>> [22] mailto:quozl at laptop.org
>> >>> [23] http://ldap.sugarlabs.org/
>> >>> [24] http://127.0.0.1/
>> >>> [25] mailto:ibiamchihurumnaya at gmail.com
>> >>> [26] http://127.0.0.1/
>> >>> [27]
>> >>
>> https://www.digitalocean.com/community/tutorials/how-to-change-account-passwords-on-an-openldap-server
>> >>> [28] http://ldap.sugarlabs.org/
>> >>> [29] http://sugarlabs.org/
>> >>> [30] http://lists.sugarlabs.org/
>> >>> [31] mailto:ibiamchihurumnaya at gmail.com
>> >>> [32] http://ldap.sugarlabs.org/
>> >>> [33] http://sugarlabs.org/
>> >>> [34] http://lists.sugarlabs.org/
>> >>> [35] mailto:ibiamchihurumnaya at gmail.com
>> >>> [36] http://quozl.netrek.org/
>> >>> [37] mailto:Systems at lists.sugarlabs.org
>> >>> [38] http://lists.sugarlabs.org/listinfo/systems
>> >>> [39] http://quozl.netrek.org/
>> >>> [40] http://quozl.netrek.org/
>> >>
>> >> --
>> >> James Cameron
>> >> http://quozl.netrek.org/
>> >> _______________________________________________
>> >> Systems mailing list
>> >> Systems at lists.sugarlabs.org
>> >> http://lists.sugarlabs.org/listinfo/systems
>> >
>>
>>
>> --
>> _ // Bernie Innocenti
>> \X/ https://codewiz.org/
>>
> _______________________________________________
> Systems mailing list
> Systems at lists.sugarlabs.org
> http://lists.sugarlabs.org/listinfo/systems
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sugarlabs.org/archive/systems/attachments/20191126/1abfa4de/attachment.html>
More information about the Systems
mailing list