[Systems] Reset Expired LDAP Password

Chihurumnaya Ibiam ibiamchihurumnaya at gmail.com
Tue Nov 26 12:38:13 EST 2019


Maybe I did not enter my password correctly. Thanks.

-- 

Ibiam Chihurumnaya
ibiamchihurumnaya at gmail.com



On Tue, Nov 26, 2019 at 5:34 PM Samuel Cantero <scanterog at gmail.com> wrote:

> Ibiam, I would assume somehow you're confused and you do not have your
> password correctly. I can try to reset it for you though. I'm not at home
> right now and I'm only have my work laptop with me (which does not have my
> SL keys). I will ping you later!
>
> On Tue, Nov 26, 2019 at 4:26 PM Chihurumnaya Ibiam <
> ibiamchihurumnaya at gmail.com> wrote:
>
>> It's not working for me and I've also tried running
>>
>> ldappasswd -H ldap://127.0.0.1 -x -D
>> "uid=ibiamchihurumnaya,ou=People,dc=sugarlabs,dc=org" -W -A -S
>>
>> after entering the necessary fields I get this error,
>>
>> ldap_bind: Invalid credentials (49).
>>
>> I'm sure of both passwords.
>>
>> --
>>
>> Ibiam Chihurumnaya
>> ibiamchihurumnaya at gmail.com
>>
>>
>>
>> On Tue, Nov 26, 2019 at 4:57 PM Bernie Innocenti <bernie at codewiz.org>
>> wrote:
>>
>>> For the record, my shell account on sunjammer expired today. I went to
>>> the web form (https://ldap.sugarlabs.org/passwd) and I was able to
>>> change my password normally.
>>>
>>> If it's not working for other users, they might be doing something
>>> differently, or their accounts are not setup the same way as mine.
>>>
>>> On 29/09/2018 01.01, Bernie Innocenti wrote:
>>> > Sorry for jumping into after the end of the show...
>>> >
>>> > Yes, ldap has always been hellish to configure and admin. We used it
>>> early on, when we wanted to share accounts across our servers. But now
>>> sunjammer is the only server left with ldap, and we could get rid of it if
>>> someone writes a script to migrate the users.
>>> >
>>> >
>>> > On September 28, 2018 12:42:01 AM UTC, James Cameron <quozl at laptop.org>
>>> wrote:
>>> >> Ibiam has shell access to sunjammer again following my change to
>>> >> password and expiry period.
>>> >>
>>> >> Ibiam, please;
>>> >>
>>> >> - try using sunjammer shell ldappasswd to change your password,
>>> >>
>>> >> - try using ldap.sugarlabs.org to change your password,
>>> >>
>>> >> Let us know the results.
>>> >>
>>> >> On Thu, Sep 27, 2018 at 03:19:56PM +0100, Chihurumnaya Ibiam wrote:
>>> >>> Hi James,
>>> >>>
>>> >>> I get this error "Wrong username or password."
>>> >>>
>>> >>> --
>>> >>>
>>> >>> Ibiam Chihurumnaya
>>> >>> [1]ibiamchihurumnaya at gmail.com
>>> >>>
>>> >>> On Thu, Sep 27, 2018 at 6:39 AM James Cameron <[2]quozl at laptop.org>
>>> >> wrote:
>>> >>>
>>> >>>      Bernie, can I change the RootDN password?
>>> >>>
>>> >>>      Ibiam, what does [3]ldap.sugarlabs.org show you when you try to
>>> >> change
>>> >>>      your password?
>>> >>>
>>> >>>      --
>>> >>>
>>> >>>      Ibiam sent me his password, and it didn't work for me;
>>> >>>
>>> >>>      sunjammer:~# ldappasswd -H ldap://[4]127.0.0.1 -x -D "uid=
>>> >>>      ibiamchihurumnaya,ou=People,dc=sugarlabs,dc=org" -W -A -S
>>> >>>      Old password:
>>> >>>      Re-enter old password:
>>> >>>      New password:
>>> >>>      Re-enter new password:
>>> >>>      Enter LDAP Password:
>>> >>>      ldap_bind: Invalid credentials (49)
>>> >>>      49!sunjammer:~#
>>> >>>
>>> >>>      On [5]https://ldap.sugarlabs.org/passwd the response was "Wrong
>>> >> username
>>> >>>      or password.", which means @ldap_bind failed twice.
>>> >>>
>>> >>>      On Wed, Sep 26, 2018 at 11:32:53AM +1000, James Cameron wrote:
>>> >>>      > Ibiam and I talked about this problem after the meeting today.
>>> >>>      >
>>> >>>      > Our plan is for Ibiam to send me the password using GnuPG, and
>>> >> I'll
>>> >>>      > try ldappasswd after su.
>>> >>>      >
>>> >>>      > Logs from sunjammer from this event;
>>> >>>      > [6]http://dev.laptop.org/~quozl/z/1g4wNM.txt
>>> >>>      >
>>> >>>      > On Tue, Sep 25, 2018 at 02:44:26PM +0100, Chihurumnaya Ibiam
>>> >> wrote:
>>> >>>      > > James no error from "ssh -v", it only shows connection was
>>> >> established
>>> >>>      > > and a warning that my password is expired and i should
>>> change
>>> >> it but
>>> >>>      > > typing my password only throws an incorrect password error.
>>> >>>      > >
>>> >>>      > > --
>>> >>>      > >
>>> >>>      > > Ibiam Chihurumnaya
>>> >>>      > > [1][7]ibiamchihurumnaya at gmail.com
>>> >>>      > >
>>> >>>      > > On Tue, Sep 25, 2018 at 11:04 AM James Cameron
>>> >> <[2][8]quozl at laptop.org>
>>> >>>      wrote:
>>> >>>      > >
>>> >>>      > >     Changing my password using [3][9]ldap.sugarlabs.org
>>> >> failed with;
>>> >>>      "Can't
>>> >>>      > >     modify LDAP information."
>>> >>>      > >
>>> >>>      > >     Changing my password using ldappasswd from sunjammer
>>> >> shell prompt
>>> >>>      > >     seemed to work;
>>> >>>      > >
>>> >>>      > >     quozl at sunjammer:~$ ldappasswd -H ldap://[4]127.0.0.1 -x
>>> >> -D "uid=
>>> >>>      quozl,ou=
>>> >>>      > >     People,dc=sugarlabs,dc=org" -W -A -S
>>> >>>      > >     Old password: <oldpassword>
>>> >>>      > >     Re-enter old password: <oldpassword>
>>> >>>      > >     New password: <newpassword>
>>> >>>      > >     Re-enter new password: <newpassword>
>>> >>>      > >     Enter LDAP Password: <oldpassword>
>>> >>>      > >     quozl at sunjammer:~$
>>> >>>      > >
>>> >>>      > >     However shadowLastChange for me hasn't moved, so I'm not
>>> >> sure if it
>>> >>>      > >     really worked.  Password authentication isn't enabled
>>> for
>>> >> SSH
>>> >>>      anyway.
>>> >>>      > >
>>> >>>      > >     Checking Ibiam's entry using ldapsearch;
>>> >>>      > >
>>> >>>      > >     $ ldapsearch -x -LLL uid=ibiamchihurumnaya
>>> >>>      > >     dn: uid=ibiamchihurumnaya,ou=People,dc=sugarlabs,dc=org
>>> >>>      > >     uid: ibiamchihurumnaya
>>> >>>      > >     cn: Chihurumnaya Ibiam
>>> >>>      > >     sn: Ibiam
>>> >>>      > >     objectClass: person
>>> >>>      > >     objectClass: organizationalPerson
>>> >>>      > >     objectClass: inetOrgPerson
>>> >>>      > >     objectClass: posixAccount
>>> >>>      > >     objectClass: top
>>> >>>      > >     objectClass: shadowAccount
>>> >>>      > >     shadowMax: 365
>>> >>>      > >     shadowWarning: 14
>>> >>>      > >     uidNumber: 837
>>> >>>      > >     gidNumber: 837
>>> >>>      > >     homeDirectory: /home/ibiamchihurumnaya
>>> >>>      > >     gecos: Chihurumnaya Ibiam
>>> >>>      > >     displayName: Chihurumnaya Ibiam
>>> >>>      > >     givenName: Chihurumnaya
>>> >>>      > >     loginShell: /bin/bash
>>> >>>      > >     mail: [5][10]ibiamchihurumnaya at gmail.com
>>> >>>      > >     shadowLastChange: 17407 (29th August 2017)
>>> >>>      > >
>>> >>>      > >     Current date is beyond shadowLastChange plus shadowMax
>>> >> plus
>>> >>>      > >     shadowWarning, so the account is probably inactive and
>>> >> disabled.
>>> >>>      > >
>>> >>>      > >     Ibiam, is there some indication you have received to
>>> >> confirm that,
>>> >>>      > >     e.g. an "ssh -v" error?
>>> >>>      > >
>>> >>>      > >     I've tried changing Ibiam's password as root, but it
>>> >> prompts me for
>>> >>>      > >     Ibiam's old password, which I don't know.
>>> >>>      > >
>>> >>>      > >     sunjammer:~# ldappasswd -H ldap://[6]127.0.0.1 -x -D
>>> >> "uid=
>>> >>>      > >     ibiamchihurumnaya,ou=People,dc=sugarlabs,dc=org" -W -A
>>> -S
>>> >>>      > >     Old password:
>>> >>>      > >
>>> >>>      > >     I've found a procedure for changing the RootDN password
>>> >> for
>>> >>>      OpenLDAP,
>>> >>>      > >     but if I did that I'd need a secure way to communicate
>>> it
>>> >> to other
>>> >>>      > >     system administrators.  It also looks hacky and prone to
>>> >> error, so
>>> >>>      I'm
>>> >>>      > >     not sure the procedure is correct.
>>> >>>      > >
>>> >>>      > >     [7][11]
>>> https://www.digitalocean.com/community/tutorials/
>>> >>>      > >     how-to-change-account-passwords-on-an-openldap-server
>>> >>>      > >
>>> >>>      > >     On Fri, Sep 21, 2018 at 02:35:07PM +0100, Chihurumnaya
>>> >> Ibiam wrote:
>>> >>>      > >     > Hi all,
>>> >>>      > >     >
>>> >>>      > >     > I recently complained about my sunjammer account as I
>>> >> haven't
>>> >>>      been able
>>> >>>      > >     to
>>> >>>      > >     > login because my password is expired and using
>>> >> [1][8][12]
>>> >>>      ldap.sugarlabs.org I
>>> >>>      > >     couldn't
>>> >>>      > >     > reset my password, and I've not been able to send
>>> >> emails from my
>>> >>>      @[2]
>>> >>>      > >     > [9][13]sugarlabs.org address and my emails to the
>>> lists
>>> >> I'm
>>> >>>      subscribed to at
>>> >>>      > >     [3]
>>> >>>      > >     > [10][14]lists.sugarlabs.org gets bounced.
>>> >>>      > >     >
>>> >>>      > >     > Bernie asked for my gpg key and I gave it to him and I
>>> >> haven't
>>> >>>      had a
>>> >>>      > >     reply
>>> >>>      > >     > since then, I've attached my gpg key here too. Thanks.
>>> >>>      > >     >
>>> >>>      > >     > --
>>> >>>      > >     >
>>> >>>      > >     > Ibiam Chihurumnaya
>>> >>>      > >     > [4][11][15]ibiamchihurumnaya at gmail.com
>>> >>>      > >     >
>>> >>>      > >     > References:
>>> >>>      > >     >
>>> >>>      > >     > [1] [12][16]http://ldap.sugarlabs.org/
>>> >>>      > >     > [2] [13][17]http://sugarlabs.org/
>>> >>>      > >     > [3] [14][18]http://lists.sugarlabs.org/
>>> >>>      > >     > [4] mailto:[15][19]ibiamchihurumnaya at gmail.com
>>> >>>      > >
>>> >>>      > >     > -----BEGIN PGP PUBLIC KEY BLOCK-----
>>> >>>      > >     >
>>> >>>      > >     >
>>> >> mQENBFuSob0BCADJhL3D92fOo3dzZVL9ehjRTqkKjCsq5HF7h27tQ9TPZ0SKoNlA
>>> >>>      > >     >
>>> >> B5arj7Fpf5rWpXfCqvnqcddEtxyJgDNVw0mkqkrE8b5GEEVibAKE3P9JrdMIsXP+
>>> >>>      > >     >
>>> >> v0VcmAKmfAKl1azXEw4vTpMCc/wTpYyw5CtNRxXY9oPUnU8M+MpgjyJlDD35PRqM
>>> >>>      > >     >
>>> >> w/K4P5/VRKAy0NVBvVq9JW3B5+Qb32cWvXBvMYKquAdFAfWfSqtXm2xzpSgWtxDa
>>> >>>      > >     >
>>> >> 2E8EkNCH4b2ldHs0AQmFxxhIVw+/JOxv5rgmHgbMu4gT0gwirohSeoT4bGYJS0Xd
>>> >>>      > >     >
>>> >> Z5esS2ziXVS+3exgZUXnfag6jSf9gv7qk3QvABEBAAG0MEliaWFtIENoaWh1cnVt
>>> >>>      > >     >
>>> >> bmF5YSA8aWJpYW1jaGlodXJ1bW5heWFAZ21haWwuY29tPokBVAQTAQgAPhYhBD/x
>>> >>>      > >     >
>>> >> zRDG2poX3z2LMD9hLWt6sZnJBQJbkqG9AhsDBQkDwmcABQsJCAcCBhUKCQgLAgQW
>>> >>>      > >     >
>>> >> AgMBAh4BAheAAAoJED9hLWt6sZnJEI4H/iZX0QRyCE/FSK453dkEh6a9ZFp/f6YS
>>> >>>      > >     >
>>> >> iQkvXRzRg+zN7GUZ96GihPCxAhQTcowpV1+ggEn2Th+ciQmYuuZkt5aObnFmnwRU
>>> >>>      > >     >
>>> >> Nzz3W9REYyz/1CNFbqeDBTXuD+yXYx0M3QDkwdjvir5Yf7CfbOVGQL7/v7DjlgVP
>>> >>>      > >     >
>>> >> MPLqtOqJGHvsW3sMC+i9SAhhk0Rx9ZqCOJceQzy7hvZcBL7V28oIBcmsyayW5A5D
>>> >>>      > >     >
>>> >> KfeUqS4CIdiHg5J2YjCqywoxGFvvRu4QXdvd1OyUcjz7Y+a3HpQwbm6tGlDWNk4q
>>> >>>      > >     >
>>> >> wJ4Iat0UEZRRSkEJZC9aNUGruEysLrBZMx047oWRJZP54m/8ZtJhkyK5AQ0EW5Kh
>>> >>>      > >     >
>>> >> vQEIAM1Q43bDn6BzUqolL3JB4EmSbdx/7vwz5HVTJOeiKOQJZhDl1xY8FLIKJKF+
>>> >>>      > >     >
>>> >> rO0DMluV0ebJCJ3zT/ls96mkImlP9TwLpREJoawfKgIPeZxMYkzxZ/609bxUGXRn
>>> >>>      > >     >
>>> >> V38AxqccJqErqkyRhisiXxZx/9xeG8ID2F9S5bzhsb7iMTto94sJh/Gva//3qs6o
>>> >>>      > >     >
>>> >> 34VNYWf/aHlIR5cutgMBorEW9OCZdLSVy6GZeeNRx5PmVkxjrEYCgvqZZO5XpzOX
>>> >>>      > >     >
>>> >> 4qY5ZKSAIKvZKXpL0wVeFdg4L+HgyKyMbcyDqBSbQBbqolFphNHmBTsbDQHBdq5+
>>> >>>      > >     >
>>> >> Df8Y8ziEdt5ztUmxcDxYFjhfoFEAEQEAAYkBPAQYAQgAJhYhBD/xzRDG2poX3z2L
>>> >>>      > >     >
>>> >> MD9hLWt6sZnJBQJbkqG9AhsMBQkDwmcAAAoJED9hLWt6sZnJXtQIALA1jSIFDJP5
>>> >>>      > >     >
>>> >> 2eEv3LNMhXfT5DCTUbkYE/qFk+zQD3ZVF+uJWTRZDabYiMLRXwX9TFNVm4XWcqRB
>>> >>>      > >     >
>>> >> 71n5Sgsi2Osa10bCrEHYtdOW1rwBKVJtaxsGigDF/rIvah5N01h1/rfsg7eI+z6o
>>> >>>      > >     >
>>> >> pjD9mcMlDyonL7h+tYvUcr8ACxa0uzZZi3TaE1D/nuJ/XIJQFGX1bpoWYqp/41HX
>>> >>>      > >     >
>>> >> itHOirq9ZRLRpqRVeM13Pa3N7S9KQQr2K6XhLsfMSJXdO/QvLMQgqtSlqxnQ5k3k
>>> >>>      > >     >
>>> >> StUUjXVuF5EtZe+MSIrqAJRSgVeok6M8HdHkwDSGocTfR6VumJI+ys6dPREhQGiP
>>> >>>      > >     > JSeiVJ+oqNs=
>>> >>>      > >     > =lcIl
>>> >>>      > >     > -----END PGP PUBLIC KEY BLOCK-----
>>> >>>      > >
>>> >>>      > >     --
>>> >>>      > >     James Cameron
>>> >>>      > >     [16][20]http://quozl.netrek.org/
>>> >>>      > >
>>> >>>      > > References:
>>> >>>      > >
>>> >>>      > > [1] mailto:[21]ibiamchihurumnaya at gmail.com
>>> >>>      > > [2] mailto:[22]quozl at laptop.org
>>> >>>      > > [3] [23]http://ldap.sugarlabs.org/
>>> >>>      > > [4] [24]http://127.0.0.1/
>>> >>>      > > [5] mailto:[25]ibiamchihurumnaya at gmail.com
>>> >>>      > > [6] [26]http://127.0.0.1/
>>> >>>      > > [7] [27]https://www.digitalocean.com/community/tutorials/
>>> >>>      how-to-change-account-passwords-on-an-openldap-server
>>> >>>      > > [8] [28]http://ldap.sugarlabs.org/
>>> >>>      > > [9] [29]http://sugarlabs.org/
>>> >>>      > > [10] [30]http://lists.sugarlabs.org/
>>> >>>      > > [11] mailto:[31]ibiamchihurumnaya at gmail.com
>>> >>>      > > [12] [32]http://ldap.sugarlabs.org/
>>> >>>      > > [13] [33]http://sugarlabs.org/
>>> >>>      > > [14] [34]http://lists.sugarlabs.org/
>>> >>>      > > [15] mailto:[35]ibiamchihurumnaya at gmail.com
>>> >>>      > > [16] [36]http://quozl.netrek.org/
>>> >>>      >
>>> >>>      > > _______________________________________________
>>> >>>      > > Systems mailing list
>>> >>>      > > [37]Systems at lists.sugarlabs.org
>>> >>>      > > [38]http://lists.sugarlabs.org/listinfo/systems
>>> >>>      >
>>> >>>      >
>>> >>>      > --
>>> >>>      > James Cameron
>>> >>>      > [39]http://quozl.netrek.org/
>>> >>>
>>> >>>      --
>>> >>>      James Cameron
>>> >>>      [40]http://quozl.netrek.org/
>>> >>>
>>> >>> References:
>>> >>>
>>> >>> [1] mailto:ibiamchihurumnaya at gmail.com
>>> >>> [2] mailto:quozl at laptop.org
>>> >>> [3] http://ldap.sugarlabs.org/
>>> >>> [4] http://127.0.0.1/
>>> >>> [5] https://ldap.sugarlabs.org/passwd
>>> >>> [6] http://dev.laptop.org/~quozl/z/1g4wNM.txt
>>> >>> [7] mailto:ibiamchihurumnaya at gmail.com
>>> >>> [8] mailto:quozl at laptop.org
>>> >>> [9] http://ldap.sugarlabs.org/
>>> >>> [10] mailto:ibiamchihurumnaya at gmail.com
>>> >>> [11] https://www.digitalocean.com/community/tutorials/
>>> >>> [12] http://ldap.sugarlabs.org/
>>> >>> [13] http://sugarlabs.org/
>>> >>> [14] http://lists.sugarlabs.org/
>>> >>> [15] mailto:ibiamchihurumnaya at gmail.com
>>> >>> [16] http://ldap.sugarlabs.org/
>>> >>> [17] http://sugarlabs.org/
>>> >>> [18] http://lists.sugarlabs.org/
>>> >>> [19] mailto:ibiamchihurumnaya at gmail.com
>>> >>> [20] http://quozl.netrek.org/
>>> >>> [21] mailto:ibiamchihurumnaya at gmail.com
>>> >>> [22] mailto:quozl at laptop.org
>>> >>> [23] http://ldap.sugarlabs.org/
>>> >>> [24] http://127.0.0.1/
>>> >>> [25] mailto:ibiamchihurumnaya at gmail.com
>>> >>> [26] http://127.0.0.1/
>>> >>> [27]
>>> >>
>>> https://www.digitalocean.com/community/tutorials/how-to-change-account-passwords-on-an-openldap-server
>>> >>> [28] http://ldap.sugarlabs.org/
>>> >>> [29] http://sugarlabs.org/
>>> >>> [30] http://lists.sugarlabs.org/
>>> >>> [31] mailto:ibiamchihurumnaya at gmail.com
>>> >>> [32] http://ldap.sugarlabs.org/
>>> >>> [33] http://sugarlabs.org/
>>> >>> [34] http://lists.sugarlabs.org/
>>> >>> [35] mailto:ibiamchihurumnaya at gmail.com
>>> >>> [36] http://quozl.netrek.org/
>>> >>> [37] mailto:Systems at lists.sugarlabs.org
>>> >>> [38] http://lists.sugarlabs.org/listinfo/systems
>>> >>> [39] http://quozl.netrek.org/
>>> >>> [40] http://quozl.netrek.org/
>>> >>
>>> >> --
>>> >> James Cameron
>>> >> http://quozl.netrek.org/
>>> >> _______________________________________________
>>> >> Systems mailing list
>>> >> Systems at lists.sugarlabs.org
>>> >> http://lists.sugarlabs.org/listinfo/systems
>>> >
>>>
>>>
>>> --
>>> _ // Bernie Innocenti
>>>   \X/  https://codewiz.org/
>>>
>> _______________________________________________
>> Systems mailing list
>> Systems at lists.sugarlabs.org
>> http://lists.sugarlabs.org/listinfo/systems
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sugarlabs.org/archive/systems/attachments/20191126/c7e7bf73/attachment.html>


More information about the Systems mailing list