
I am on a Solaris 10 machine with OpenDJ 2.4.5 installed. I am attempting to set a user's password with the ldappasswordmodify command. In my application I want to be able to set their password without requiring the previous password. I still need the password to obey the history and validation requirements, though. I have this working on a similar machine that I set up a while ago and am not sure how I did it.

This is how I am calling the command:

ldappasswordmodify -D cn=mgr -w mgrpw -a uid=user,ou=people,o=systems,dc=program -n newpassword

No matter what password I give it, the command works and sets the password.

If I use the command and supply the old password like this:

ldappasswordmodify -D cn=mgr -w mgrpw -a uid=user,ou=people,o=systems,dc=program -c oldpassword -n newpassword

The history and validation requirements are enforced properly.

Does anyone have any idea how to do this or perhaps what to check on the working system to see how I did it before? I'm at a complete loss.

2 Answers


Don't use the manager account. Don't use it for anything, actually. Use a user account. The manager account is for slapd itself. It bypasses a lot of security and overlays.

user207421
  • What other account could I use? To set a password without giving the old one, passwordmodify requires a bindDN and password. It's also what I do on the machine that is working properly. – Ben Miller May 26 '16 at 23:46
  • Create an administrative account with the appropriate permissions, if you don't already have one, and use it for everything administrative. Never use the manager account. – user207421 May 26 '16 at 23:53
  • Forgive me for being new, but what rights does the account need? I can't find the admin account's information to see what rights it has, so I'm not sure what to give the new administrative account. – Ben Miller May 27 '16 at 00:10

I think this was an issue in OpenDJ 2.4 and it has been resolved in later versions. You might want to try with OpenDJ 3.0 which is the later release available.

Ludovic Poitou