[horde] Regarding LDAP password change trouble.

Pro Green European pro_green_european at yahoo.com
Mon Jun 15 08:57:00 UTC 2015


Hi.

I've recently switched over authentication from standard passwd/shadow to LDAP (Directory Server 389).

When I try changing the password as an authenticated user trough the horde/passwd module, the following information is written in the error log:

[15/Jun/2015:11:09:51 +0300] conn=2261 fd=71 slot=71 connection from ::1 to ::1
[15/Jun/2015:11:09:51 +0300] conn=2261 op=0 BIND dn="cn=directory manager" method=128 version=3
[15/Jun/2015:11:09:51 +0300] conn=2261 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[15/Jun/2015:11:09:51 +0300] conn=2261 op=1 SRCH base="" scope=0 filter="(objectClass=*)" attrs="vendorName vendorVersion namingContexts altServer supportedExtension supportedControl supportedSASLMechanisms supportedLDAPVersion subschemaSubentry"
[15/Jun/2015:11:09:51 +0300] conn=2261 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[15/Jun/2015:11:09:51 +0300] conn=2261 op=2 BIND dn="cn=directory manager" method=128 version=3
[15/Jun/2015:11:09:51 +0300] conn=2261 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[15/Jun/2015:11:09:51 +0300] conn=2261 op=3 SRCH base="ou=People,dc=local,dc=tld" scope=1 filter="(&(objectClass=posixAccount)(uid=user001))" attrs="uid"
[15/Jun/2015:11:09:51 +0300] conn=2261 op=3 RESULT err=0 tag=101 nentries=1 etime=0
[15/Jun/2015:11:09:51 +0300] conn=2261 op=4 BIND dn="uid=user001,ou=People,dc=local,dc=tld" method=128 version=3
[15/Jun/2015:11:09:51 +0300] conn=2261 op=4 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=user001,ou=people,dc=local,dc=tld"
[15/Jun/2015:11:09:51 +0300] conn=2261 op=5 SRCH base="ou=People,dc=local,dc=tld" scope=1 filter="(&(objectClass=posixAccount)(uid=user001))" attrs="uid"
[15/Jun/2015:11:09:51 +0300] conn=2261 op=5 RESULT err=0 tag=101 nentries=1 etime=0
[15/Jun/2015:11:09:51 +0300] conn=2261 op=6 SRCH base="ou=People,dc=local,dc=tld" scope=0 filter="(objectClass=*)" attrs="pwdlastset shadowMax shadowMin shadowLastChange shadowWarning passwordExpirationTime"
[15/Jun/2015:11:09:51 +0300] conn=2261 op=6 RESULT err=0 tag=101 nentries=1 etime=0
[15/Jun/2015:11:09:51 +0300] conn=2261 op=7 SRCH base="uid=user001,ou=People,dc=local,dc=tld" scope=0 filter="(objectClass=*)" attrs=ALL
[15/Jun/2015:11:09:51 +0300] conn=2261 op=7 RESULT err=0 tag=101 nentries=1 etime=0
[15/Jun/2015:11:09:51 +0300] conn=2261 op=8 RESULT err=19 tag=103 nentries=0 etime=0
[15/Jun/2015:11:09:51 +0300] conn=2261 op=8 MOD dn="uid=user001,ou=People,dc=local,dc=tld", invalid password syntax
[15/Jun/2015:11:09:51 +0300] conn=2261 op=9 UNBIND
[15/Jun/2015:11:09:51 +0300] conn=2261 op=9 fd=71 closed - U1

Changing the password with the administrative account, then the password is updated without any problems.

Password encryptions scheme is:

$conf['auth']['params']['encryption'] = 'crypt';


What could cause an issue like this?

All pear modules are latest. System is Centos7, Apache 2.4 & PHP is 5.4.16-23. Selinux is in enforcing mode (no errors).



BR,
/PGE


More information about the horde mailing list