<div dir="ltr"><div dir="ltr"><div>Hi James, <br></div><div><br></div><div>I get this error "Wrong username or password."</div><div><div><div dir="ltr" class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><pre style="color:rgb(46,52,54);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;word-spacing:0px"><span style="font-family:monospace,monospace">-- <br></span></pre><div style="color:rgb(46,52,54);font-size:14.6667px;font-style:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;word-spacing:0px;width:71ch"><span style="font-family:monospace,monospace"><span></span><span></span>Ibiam Chihurumnaya <br></span></div><div style="color:rgb(46,52,54);font-size:14.6667px;font-style:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;word-spacing:0px;width:71ch"><span style="font-family:monospace,monospace"><a href="mailto:ibiamchihurumnaya@gmail.com" style="color:rgb(42,118,198)" target="_blank">ibiamchihurumnaya@gmail.com</a></span></div><div style="color:rgb(46,52,54);font-size:14.6667px;font-style:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;word-spacing:0px;width:71ch"><span style="font-family:monospace,monospace"><br></span></div></div></div></div></div></div><br></div></div></div><br><div class="gmail_quote"><div dir="ltr">On Thu, Sep 27, 2018 at 6:39 AM James Cameron <<a href="mailto:quozl@laptop.org">quozl@laptop.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Bernie, can I change the RootDN password?<br>
<br>
Ibiam, what does <a href="http://ldap.sugarlabs.org" rel="noreferrer" target="_blank">ldap.sugarlabs.org</a> show you when you try to change<br>
your password?<br>
<br>
--<br>
<br>
Ibiam sent me his password, and it didn't work for me;<br>
<br>
sunjammer:~# ldappasswd -H ldap://<a href="http://127.0.0.1" rel="noreferrer" target="_blank">127.0.0.1</a> -x -D "uid=ibiamchihurumnaya,ou=People,dc=sugarlabs,dc=org" -W -A -S<br>
Old password: <br>
Re-enter old password: <br>
New password: <br>
Re-enter new password: <br>
Enter LDAP Password: <br>
ldap_bind: Invalid credentials (49)<br>
49!sunjammer:~#<br>
<br>
On <a href="https://ldap.sugarlabs.org/passwd" rel="noreferrer" target="_blank">https://ldap.sugarlabs.org/passwd</a> the response was "Wrong username<br>
or password.", which means @ldap_bind failed twice.<br>
<br>
On Wed, Sep 26, 2018 at 11:32:53AM +1000, James Cameron wrote:<br>
> Ibiam and I talked about this problem after the meeting today.<br>
> <br>
> Our plan is for Ibiam to send me the password using GnuPG, and I'll<br>
> try ldappasswd after su.<br>
> <br>
> Logs from sunjammer from this event;<br>
> <a href="http://dev.laptop.org/~quozl/z/1g4wNM.txt" rel="noreferrer" target="_blank">http://dev.laptop.org/~quozl/z/1g4wNM.txt</a><br>
> <br>
> On Tue, Sep 25, 2018 at 02:44:26PM +0100, Chihurumnaya Ibiam wrote:<br>
> > James no error from "ssh -v", it only shows connection was established<br>
> > and a warning that my password is expired and i should change it but<br>
> > typing my password only throws an incorrect password error.<br>
> > <br>
> > --<br>
> > <br>
> > Ibiam Chihurumnaya<br>
> > [1]<a href="mailto:ibiamchihurumnaya@gmail.com" target="_blank">ibiamchihurumnaya@gmail.com</a><br>
> > <br>
> > On Tue, Sep 25, 2018 at 11:04 AM James Cameron <[2]<a href="mailto:quozl@laptop.org" target="_blank">quozl@laptop.org</a>> wrote:<br>
> > <br>
> >     Changing my password using [3]<a href="http://ldap.sugarlabs.org" rel="noreferrer" target="_blank">ldap.sugarlabs.org</a> failed with; "Can't<br>
> >     modify LDAP information."<br>
> > <br>
> >     Changing my password using ldappasswd from sunjammer shell prompt<br>
> >     seemed to work;<br>
> > <br>
> >     quozl@sunjammer:~$ ldappasswd -H ldap://[4]127.0.0.1 -x -D "uid=quozl,ou=<br>
> >     People,dc=sugarlabs,dc=org" -W -A -S<br>
> >     Old password: <oldpassword><br>
> >     Re-enter old password: <oldpassword><br>
> >     New password: <newpassword><br>
> >     Re-enter new password: <newpassword><br>
> >     Enter LDAP Password: <oldpassword><br>
> >     quozl@sunjammer:~$<br>
> > <br>
> >     However shadowLastChange for me hasn't moved, so I'm not sure if it<br>
> >     really worked.  Password authentication isn't enabled for SSH anyway.<br>
> > <br>
> >     Checking Ibiam's entry using ldapsearch;<br>
> > <br>
> >     $ ldapsearch -x -LLL uid=ibiamchihurumnaya<br>
> >     dn: uid=ibiamchihurumnaya,ou=People,dc=sugarlabs,dc=org<br>
> >     uid: ibiamchihurumnaya<br>
> >     cn: Chihurumnaya Ibiam<br>
> >     sn: Ibiam<br>
> >     objectClass: person<br>
> >     objectClass: organizationalPerson<br>
> >     objectClass: inetOrgPerson<br>
> >     objectClass: posixAccount<br>
> >     objectClass: top<br>
> >     objectClass: shadowAccount<br>
> >     shadowMax: 365<br>
> >     shadowWarning: 14<br>
> >     uidNumber: 837<br>
> >     gidNumber: 837<br>
> >     homeDirectory: /home/ibiamchihurumnaya<br>
> >     gecos: Chihurumnaya Ibiam<br>
> >     displayName: Chihurumnaya Ibiam<br>
> >     givenName: Chihurumnaya<br>
> >     loginShell: /bin/bash<br>
> >     mail: [5]<a href="mailto:ibiamchihurumnaya@gmail.com" target="_blank">ibiamchihurumnaya@gmail.com</a><br>
> >     shadowLastChange: 17407 (29th August 2017)<br>
> > <br>
> >     Current date is beyond shadowLastChange plus shadowMax plus<br>
> >     shadowWarning, so the account is probably inactive and disabled.<br>
> > <br>
> >     Ibiam, is there some indication you have received to confirm that,<br>
> >     e.g. an "ssh -v" error?<br>
> > <br>
> >     I've tried changing Ibiam's password as root, but it prompts me for<br>
> >     Ibiam's old password, which I don't know.<br>
> > <br>
> >     sunjammer:~# ldappasswd -H ldap://[6]127.0.0.1 -x -D "uid=<br>
> >     ibiamchihurumnaya,ou=People,dc=sugarlabs,dc=org" -W -A -S<br>
> >     Old password:<br>
> > <br>
> >     I've found a procedure for changing the RootDN password for OpenLDAP,<br>
> >     but if I did that I'd need a secure way to communicate it to other<br>
> >     system administrators.  It also looks hacky and prone to error, so I'm<br>
> >     not sure the procedure is correct.<br>
> > <br>
> >     [7]<a href="https://www.digitalocean.com/community/tutorials/" rel="noreferrer" target="_blank">https://www.digitalocean.com/community/tutorials/</a><br>
> >     how-to-change-account-passwords-on-an-openldap-server<br>
> > <br>
> >     On Fri, Sep 21, 2018 at 02:35:07PM +0100, Chihurumnaya Ibiam wrote:<br>
> >     > Hi all,<br>
> >     ><br>
> >     > I recently complained about my sunjammer account as I haven't been able<br>
> >     to<br>
> >     > login because my password is expired and using [1][8]<a href="http://ldap.sugarlabs.org" rel="noreferrer" target="_blank">ldap.sugarlabs.org</a> I<br>
> >     couldn't<br>
> >     > reset my password, and I've not been able to send emails from my @[2]<br>
> >     > [9]<a href="http://sugarlabs.org" rel="noreferrer" target="_blank">sugarlabs.org</a> address and my emails to the lists I'm subscribed to at<br>
> >     [3]<br>
> >     > [10]<a href="http://lists.sugarlabs.org" rel="noreferrer" target="_blank">lists.sugarlabs.org</a> gets bounced.<br>
> >     ><br>
> >     > Bernie asked for my gpg key and I gave it to him and I haven't had a<br>
> >     reply<br>
> >     > since then, I've attached my gpg key here too. Thanks.<br>
> >     ><br>
> >     > --<br>
> >     ><br>
> >     > Ibiam Chihurumnaya<br>
> >     > [4][11]<a href="mailto:ibiamchihurumnaya@gmail.com" target="_blank">ibiamchihurumnaya@gmail.com</a><br>
> >     ><br>
> >     > References:<br>
> >     ><br>
> >     > [1] [12]<a href="http://ldap.sugarlabs.org/" rel="noreferrer" target="_blank">http://ldap.sugarlabs.org/</a><br>
> >     > [2] [13]<a href="http://sugarlabs.org/" rel="noreferrer" target="_blank">http://sugarlabs.org/</a><br>
> >     > [3] [14]<a href="http://lists.sugarlabs.org/" rel="noreferrer" target="_blank">http://lists.sugarlabs.org/</a><br>
> >     > [4] mailto:[15]<a href="mailto:ibiamchihurumnaya@gmail.com" target="_blank">ibiamchihurumnaya@gmail.com</a><br>
> > <br>
> >     > -----BEGIN PGP PUBLIC KEY BLOCK-----<br>
> >     ><br>
> >     > mQENBFuSob0BCADJhL3D92fOo3dzZVL9ehjRTqkKjCsq5HF7h27tQ9TPZ0SKoNlA<br>
> >     > B5arj7Fpf5rWpXfCqvnqcddEtxyJgDNVw0mkqkrE8b5GEEVibAKE3P9JrdMIsXP+<br>
> >     > v0VcmAKmfAKl1azXEw4vTpMCc/wTpYyw5CtNRxXY9oPUnU8M+MpgjyJlDD35PRqM<br>
> >     > w/K4P5/VRKAy0NVBvVq9JW3B5+Qb32cWvXBvMYKquAdFAfWfSqtXm2xzpSgWtxDa<br>
> >     > 2E8EkNCH4b2ldHs0AQmFxxhIVw+/JOxv5rgmHgbMu4gT0gwirohSeoT4bGYJS0Xd<br>
> >     > Z5esS2ziXVS+3exgZUXnfag6jSf9gv7qk3QvABEBAAG0MEliaWFtIENoaWh1cnVt<br>
> >     > bmF5YSA8aWJpYW1jaGlodXJ1bW5heWFAZ21haWwuY29tPokBVAQTAQgAPhYhBD/x<br>
> >     > zRDG2poX3z2LMD9hLWt6sZnJBQJbkqG9AhsDBQkDwmcABQsJCAcCBhUKCQgLAgQW<br>
> >     > AgMBAh4BAheAAAoJED9hLWt6sZnJEI4H/iZX0QRyCE/FSK453dkEh6a9ZFp/f6YS<br>
> >     > iQkvXRzRg+zN7GUZ96GihPCxAhQTcowpV1+ggEn2Th+ciQmYuuZkt5aObnFmnwRU<br>
> >     > Nzz3W9REYyz/1CNFbqeDBTXuD+yXYx0M3QDkwdjvir5Yf7CfbOVGQL7/v7DjlgVP<br>
> >     > MPLqtOqJGHvsW3sMC+i9SAhhk0Rx9ZqCOJceQzy7hvZcBL7V28oIBcmsyayW5A5D<br>
> >     > KfeUqS4CIdiHg5J2YjCqywoxGFvvRu4QXdvd1OyUcjz7Y+a3HpQwbm6tGlDWNk4q<br>
> >     > wJ4Iat0UEZRRSkEJZC9aNUGruEysLrBZMx047oWRJZP54m/8ZtJhkyK5AQ0EW5Kh<br>
> >     > vQEIAM1Q43bDn6BzUqolL3JB4EmSbdx/7vwz5HVTJOeiKOQJZhDl1xY8FLIKJKF+<br>
> >     > rO0DMluV0ebJCJ3zT/ls96mkImlP9TwLpREJoawfKgIPeZxMYkzxZ/609bxUGXRn<br>
> >     > V38AxqccJqErqkyRhisiXxZx/9xeG8ID2F9S5bzhsb7iMTto94sJh/Gva//3qs6o<br>
> >     > 34VNYWf/aHlIR5cutgMBorEW9OCZdLSVy6GZeeNRx5PmVkxjrEYCgvqZZO5XpzOX<br>
> >     > 4qY5ZKSAIKvZKXpL0wVeFdg4L+HgyKyMbcyDqBSbQBbqolFphNHmBTsbDQHBdq5+<br>
> >     > Df8Y8ziEdt5ztUmxcDxYFjhfoFEAEQEAAYkBPAQYAQgAJhYhBD/xzRDG2poX3z2L<br>
> >     > MD9hLWt6sZnJBQJbkqG9AhsMBQkDwmcAAAoJED9hLWt6sZnJXtQIALA1jSIFDJP5<br>
> >     > 2eEv3LNMhXfT5DCTUbkYE/qFk+zQD3ZVF+uJWTRZDabYiMLRXwX9TFNVm4XWcqRB<br>
> >     > 71n5Sgsi2Osa10bCrEHYtdOW1rwBKVJtaxsGigDF/rIvah5N01h1/rfsg7eI+z6o<br>
> >     > pjD9mcMlDyonL7h+tYvUcr8ACxa0uzZZi3TaE1D/nuJ/XIJQFGX1bpoWYqp/41HX<br>
> >     > itHOirq9ZRLRpqRVeM13Pa3N7S9KQQr2K6XhLsfMSJXdO/QvLMQgqtSlqxnQ5k3k<br>
> >     > StUUjXVuF5EtZe+MSIrqAJRSgVeok6M8HdHkwDSGocTfR6VumJI+ys6dPREhQGiP<br>
> >     > JSeiVJ+oqNs=<br>
> >     > =lcIl<br>
> >     > -----END PGP PUBLIC KEY BLOCK-----<br>
> > <br>
> >     --<br>
> >     James Cameron<br>
> >     [16]<a href="http://quozl.netrek.org/" rel="noreferrer" target="_blank">http://quozl.netrek.org/</a><br>
> > <br>
> > References:<br>
> > <br>
> > [1] mailto:<a href="mailto:ibiamchihurumnaya@gmail.com" target="_blank">ibiamchihurumnaya@gmail.com</a><br>
> > [2] mailto:<a href="mailto:quozl@laptop.org" target="_blank">quozl@laptop.org</a><br>
> > [3] <a href="http://ldap.sugarlabs.org/" rel="noreferrer" target="_blank">http://ldap.sugarlabs.org/</a><br>
> > [4] <a href="http://127.0.0.1/" rel="noreferrer" target="_blank">http://127.0.0.1/</a><br>
> > [5] mailto:<a href="mailto:ibiamchihurumnaya@gmail.com" target="_blank">ibiamchihurumnaya@gmail.com</a><br>
> > [6] <a href="http://127.0.0.1/" rel="noreferrer" target="_blank">http://127.0.0.1/</a><br>
> > [7] <a href="https://www.digitalocean.com/community/tutorials/how-to-change-account-passwords-on-an-openldap-server" rel="noreferrer" target="_blank">https://www.digitalocean.com/community/tutorials/how-to-change-account-passwords-on-an-openldap-server</a><br>
> > [8] <a href="http://ldap.sugarlabs.org/" rel="noreferrer" target="_blank">http://ldap.sugarlabs.org/</a><br>
> > [9] <a href="http://sugarlabs.org/" rel="noreferrer" target="_blank">http://sugarlabs.org/</a><br>
> > [10] <a href="http://lists.sugarlabs.org/" rel="noreferrer" target="_blank">http://lists.sugarlabs.org/</a><br>
> > [11] mailto:<a href="mailto:ibiamchihurumnaya@gmail.com" target="_blank">ibiamchihurumnaya@gmail.com</a><br>
> > [12] <a href="http://ldap.sugarlabs.org/" rel="noreferrer" target="_blank">http://ldap.sugarlabs.org/</a><br>
> > [13] <a href="http://sugarlabs.org/" rel="noreferrer" target="_blank">http://sugarlabs.org/</a><br>
> > [14] <a href="http://lists.sugarlabs.org/" rel="noreferrer" target="_blank">http://lists.sugarlabs.org/</a><br>
> > [15] mailto:<a href="mailto:ibiamchihurumnaya@gmail.com" target="_blank">ibiamchihurumnaya@gmail.com</a><br>
> > [16] <a href="http://quozl.netrek.org/" rel="noreferrer" target="_blank">http://quozl.netrek.org/</a><br>
> <br>
> > _______________________________________________<br>
> > Systems mailing list<br>
> > <a href="mailto:Systems@lists.sugarlabs.org" target="_blank">Systems@lists.sugarlabs.org</a><br>
> > <a href="http://lists.sugarlabs.org/listinfo/systems" rel="noreferrer" target="_blank">http://lists.sugarlabs.org/listinfo/systems</a><br>
> <br>
> <br>
> -- <br>
> James Cameron<br>
> <a href="http://quozl.netrek.org/" rel="noreferrer" target="_blank">http://quozl.netrek.org/</a><br>
<br>
-- <br>
James Cameron<br>
<a href="http://quozl.netrek.org/" rel="noreferrer" target="_blank">http://quozl.netrek.org/</a><br>
</blockquote></div>