Thread: [Cpu-users] Error when trying to add a user password interactively
From: Terrence M. <tm...@ph...> - 2003-09-24 21:16:01
|
I am having problems when trying to set a user account's password
interactively.

root@llama /usr/local/src# cpu -w useradd -p test
Please enter the LDAP bind password:
Please enter desired user password:

ldap: ldapOperation: ldap_bind_s: Invalid credentials (49)
ldap: CPU_init: Error in ldapOperation.
Something went wrong. Exiting.
root@llama /usr/local/src# gq &
[4] 11748
root@llama /usr/local/src# cpu -w useradd -ptest test
Please enter the LDAP bind password:
User test successfully added!
root@llama /usr/local/src#

Any ideas?

Terrence
|
From: Blake M. <bma...@pu...> - 2003-09-25 00:04:06
|
[duke 8] bmatheny > cpu -w useradd -p test
Please enter the LDAP bind password:
Please enter desired user password:

User test successfully added!

[duke 9] bmatheny > cpu -w cat
Please enter the LDAP bind password:
User Accounts
blake:x:100:100::/home/blake:/bin/bash
blah:x:4506:5511::/home/blah:/bin/bash
test:x:6099:5947::/home/test:/bin/bash

Group Entries
blake:x:100:
blah:x:5511:
test:x:8114:

[duke 10] bmatheny > cpu --version
CPU 1.4.1
Written by Blake Matheny
Copyright 2001, 2002, 2003

Is it possible you entered the wrong password for the first one there? It
works for me, is anyone else having this problem? What version are you using?

-Blake

Whatchu talkin' 'bout, Willis?

> I am having problems when trying to set a user accounts password
> interactively.
>
> root@llama /usr/local/src# cpu -w useradd -p test
> Please enter the LDAP bind password:
> Please enter desired user password:
>
> ldap: ldapOperation: ldap_bind_s: Invalid credentials (49)
> ldap: CPU_init: Error in ldapOperation.
> Something went wrong. Exiting.
> root@llama /usr/local/src# gq &
> [4] 11748
> root@llama /usr/local/src# cpu -w useradd -ptest test
> Please enter the LDAP bind password:
> User test successfully added!
> root@llama /usr/local/src#
>
> Any ideas?
>
> Terrence

--
Blake Matheny
bma...@pu...
http://www.mkfifo.net
http://ovmj.org/GNUnet/

"... one of the main causes of the fall of the Roman Empire was that,
lacking zero, they had no way to indicate successful termination of
their C programs." --Robert Firth
|
From: Terrence M. <tm...@ph...> - 2003-09-25 18:59:05
|
Well, if I am putting in the wrong password, I am doing it consistently with
one way of setting the user password and not the other.
root@llama /usr/local/src# cpu -w useradd -p test
Please enter the LDAP bind password:
Please enter desired user password:
ldap: ldapOperation: ldap_bind_s: Invalid credentials (49)
ldap: CPU_init: Error in ldapOperation.
Something went wrong. Exiting.
You have new mail in /var/spool/mail/root
root@llama /usr/local/src# cpu -w useradd -p test
Please enter the LDAP bind password:
Please enter desired user password:
ldap: ldapOperation: ldap_bind_s: Invalid credentials (49)
ldap: CPU_init: Error in ldapOperation.
Something went wrong. Exiting.
root@llama /usr/local/src# cpu -w useradd -p test
Please enter the LDAP bind password:
Please enter desired user password:
ldap: ldapOperation: ldap_bind_s: Invalid credentials (49)
ldap: CPU_init: Error in ldapOperation.
Something went wrong. Exiting.
root@llama /usr/local/src# cpu -w useradd -ptest test
Please enter the LDAP bind password:
User test successfully added!
So the question is could this have to do with ACL's in my LDAP directory
and how I set pw?
Failed Log
Sep 25 11:54:26 llama slapd[2213]: conn=2432 fd=21 ACCEPT from IP=127.0.0.1:32860 (IP=0.0.0.0:389)
Sep 25 11:54:26 llama slapd[2443]: conn=2432 op=0 BIND dn="cn=Admin,dc=physics,dc=ucsd,dc=edu" method=128
Sep 25 11:54:26 llama slapd[2443]: conn=2432 op=0 RESULT tag=97 err=49 text=
Sep 25 11:54:26 llama slapd[2213]: conn=2432 fd=21 closed
Sep 25 11:54:46 llama slapd[2213]: conn=2433 fd=21 ACCEPT from IP=127.0.0.1:32861 (IP=0.0.0.0:389)
Sep 25 11:54:46 llama slapd[4908]: conn=2433 op=0 BIND dn="cn=Admin,dc=physics,dc=ucsd,dc=edu" method=128
Sep 25 11:54:46 llama slapd[4908]: conn=2433 op=0 RESULT tag=97 err=49 text=
Sep 25 11:54:46 llama slapd[2213]: conn=2433 fd=21 closed
Sep 25 11:55:24 llama slapd[2434]: conn=2434 op=3 SRCH attr=cn userPassword memberUid uniqueMember gidNumber
Sep 25 11:55:24 llama slapd[2434]: conn=2434 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text=
Sep 25 11:55:24 llama slapd[2213]: conn=2434 fd=21 closed
Success Log
Sep 25 11:56:31 llama slapd[2213]: conn=2435 fd=21 ACCEPT from IP=127.0.0.1:32862 (IP=0.0.0.0:389)
Sep 25 11:56:31 llama slapd[2443]: conn=2435 op=0 BIND dn="cn=Admin,dc=physics,dc=ucsd,dc=edu" method=128
Sep 25 11:56:31 llama slapd[2443]: conn=2435 op=0 BIND dn="cn=Admin,dc=physics,dc=ucsd,dc=edu" mech=simple ssf=0
Sep 25 11:56:31 llama slapd[2443]: conn=2435 op=0 RESULT tag=97 err=0 text=
Sep 25 11:56:31 llama slapd[4908]: conn=2435 op=1 SRCH base="ou=People,dc=physics,dc=ucsd,dc=edu" scope=2 filter="(uidNumber=5010)"
... lots of uid searching ensues....
Sep 25 11:57:34 llama slapd[4355]: conn=2435 op=1071 SRCH attr=gidNumber
Sep 25 11:57:34 llama slapd[4355]: conn=2435 op=1071 SEARCH RESULT tag=101 err=0 nentries=1 text=
Sep 25 11:57:34 llama slapd[4906]: conn=2435 op=1072 SRCH base="ou=Group,dc=physics,dc=ucsd,dc=edu" scope=2 filter="(gidNumber=5545)"
Sep 25 11:57:34 llama slapd[4906]: conn=2435 op=1072 SRCH attr=gidNumber
Sep 25 11:57:34 llama slapd[4906]: conn=2435 op=1072 SEARCH RESULT tag=101 err=0 nentries=0 text=
Sep 25 11:57:34 llama slapd[2434]: conn=2435 op=1073 ADD dn="cn=test2,ou=Group,dc=physics,dc=ucsd,dc=edu"
Sep 25 11:57:34 llama slapd[2434]: conn=2435 op=1073 RESULT tag=105 err=0 text=
Sep 25 11:57:34 llama slapd[2443]: conn=2435 op=1074 ADD dn="uid=test2,ou=People,dc=physics,dc=ucsd,dc=edu"
Sep 25 11:57:34 llama slapd[2443]: conn=2435 op=1074 RESULT tag=105 err=0 text=
Sep 25 11:57:34 llama slapd[2213]: conn=2435 fd=21 closed
Sep 25 11:57:37 llama slapd[4908]: conn=828 op=291 SRCH base="dc=physics,dc=ucsd,dc=edu" scope=2 filter="(&(objectClass=posixAccount)(uidNumber=5004))"
Sep 25 11:57:37 llama slapd[4908]: conn=828 op=291 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
Sep 25 11:57:37 llama slapd[4908]: conn=828 op=291 SEARCH RESULT tag=101 err=0 nentries=1 text=
Here are my ACL's. I explicitly restrict access to the userPassword
field for security reasons, i.e. if you are not said user you cannot see
the hash. However, why one method works and the other does not is odd.
# Restrict userPassword to be used for auth only, but allow users to
# modify their passwords
access to attrs=userPassword
        by self write
        by * auth
# Default simple acl
access to *
        by * read
Terrence
Blake Matheny wrote:
>[duke 8] bmatheny > cpu -w useradd -p test
>Please enter the LDAP bind password:
>Please enter desired user password:
>
>User test successfully added!
>
>[duke 9] bmatheny > cpu -w cat
>Please enter the LDAP bind password:
>User Accounts
>blake:x:100:100::/home/blake:/bin/bash
>blah:x:4506:5511::/home/blah:/bin/bash
>test:x:6099:5947::/home/test:/bin/bash
>
>Group Entries
>blake:x:100:
>blah:x:5511:
>test:x:8114:
>
>[duke 10] bmatheny > cpu --version
>CPU 1.4.1
>Written by Blake Matheny
>Copyright 2001, 2002, 2003
>
>
>Is it possible you entered the wrong password for the first one there? It
>works for me, is anyone else having this problem? What version are you using?
>
>-Blake
>
>Whatchu talkin' 'bout, Willis?
>
>
>>I am having problems when trying to set a user accounts password
>>interactively.
>>
>>root@llama /usr/local/src# cpu -w useradd -p test
>>Please enter the LDAP bind password:
>>Please enter desired user password:
>>
>>ldap: ldapOperation: ldap_bind_s: Invalid credentials (49)
>>ldap: CPU_init: Error in ldapOperation.
>>Something went wrong. Exiting.
>>root@llama /usr/local/src# gq &
>>[4] 11748
>>root@llama /usr/local/src# cpu -w useradd -ptest test
>>Please enter the LDAP bind password:
>>User test successfully added!
>>root@llama /usr/local/src#
>>
>>Any ideas?
>>
>>Terrence
|
|
From: Blake M. <bma...@pu...> - 2003-09-27 02:52:02
|
I *think* I figured out what is going on here. From the getpass man page:

"The function getpass returns a pointer to a static buffer containing the
password without the trailing newline, terminated by a NULL. This buffer may be
overwritten by a following call."

Since getpass is being called more than once, I think the buffer is being
overwritten. Elsewhere in the man page it says:

"This function is obsolete. Do not use it."

So I implemented a new version of it that doesn't use a static buffer. Could you
check out the CVS version of cpu and let me know if it fixed your problem? Also,
let me know if adding a user is faster for you. There are no more GRAB* options,
it just defaults to doing that unless random is true.

-Blake

Whatchu talkin' 'bout, Willis?

> Well if I putting in the wrong password I am doing it consistently with
> one way of setting the user password and not the other.
>
> root@llama /usr/local/src# cpu -w useradd -p test
> Please enter the LDAP bind password:
> Please enter desired user password:
>
> ldap: ldapOperation: ldap_bind_s: Invalid credentials (49)
> ldap: CPU_init: Error in ldapOperation.
> Something went wrong. Exiting.
> You have new mail in /var/spool/mail/root
> root@llama /usr/local/src# cpu -w useradd -p test
> Please enter the LDAP bind password:
> Please enter desired user password:
>

--
Blake Matheny
bma...@pu...
http://www.mkfifo.net
http://ovmj.org/GNUnet/

"... one of the main causes of the fall of the Roman Empire was that,
lacking zero, they had no way to indicate successful termination of
their C programs." --Robert Firth
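The static-buffer behaviour quoted from the getpass man page in the message above, as an added C example that is not part of the thread and not cpu's code. `static_getpass` is a stand-in with getpass's contract, and `read_password`, `sample_input` and the two password strings are constructed for illustration; the example contrasts two prompts sharing one buffer with a reader that fills caller-owned buffers.

```c
#include <stdio.h>
#include <string.h>
#include <termios.h>
#include <unistd.h>
/* Stand-in with getpass(3)'s contract: one static buffer, overwritten by
 * the next call. Reads from `in` so the demo runs without a terminal. */
static char *static_getpass(FILE *in) {
    static char buf[128];
    if (!fgets(buf, sizeof buf, in)) buf[0] = '\0';
    buf[strcspn(buf, "\n")] = '\0';
    return buf;
}
/* Caller-owned buffer (hypothetical helper). Echo is turned off only when
 * `in` is a terminal. Returns 0 on success, -1 on EOF or overlong input. */
static int read_password(FILE *in, char *out, size_t outlen) {
    struct termios saved, noecho;
    int fd = fileno(in), tty = isatty(fd) && tcgetattr(fd, &saved) == 0;
    if (tty) { noecho = saved; noecho.c_lflag &= ~(tcflag_t)ECHO; tcsetattr(fd, TCSAFLUSH, &noecho); }
    char *line = fgets(out, (int)outlen, in);
    if (tty) tcsetattr(fd, TCSAFLUSH, &saved);   /* always restore echo */
    size_t n = line ? strcspn(out, "\n") : 0;
    if (!line || (out[n] != '\n' && !feof(in))) return -1;   /* EOF or line did not fit */
    out[n] = '\0';
    return 0;
}
/* Constructed input: bind password first, then the new user's password. */
static FILE *sample_input(void) {
    FILE *f = tmpfile();
    if (f) { fputs("bind-secret\nnew-user-pw\n", f); rewind(f); }
    return f;
}
/* Each returns 1 if the bind password is still intact after both prompts. */
static int intact_with_static_buffer(FILE *in) {
    char *bind_pw = static_getpass(in);
    char *user_pw = static_getpass(in);   /* same buffer: bind_pw now reads "new-user-pw" */
    return bind_pw != user_pw && strcmp(bind_pw, "bind-secret") == 0;
}
static int intact_with_own_buffers(FILE *in) {
    char bind_pw[128], user_pw[128];
    if (read_password(in, bind_pw, sizeof bind_pw) || read_password(in, user_pw, sizeof user_pw)) return 0;
    return strcmp(bind_pw, "bind-secret") == 0 && strcmp(user_pw, "new-user-pw") == 0;
}
int main(void) {
    FILE *a = sample_input(), *b = sample_input();
    if (!a || !b) return 1;
    printf("static buffer keeps bind password: %d\n", intact_with_static_buffer(a));
    printf("own buffers keep bind password:    %d\n", intact_with_own_buffers(b));
    return 0;
}
```

With the shared buffer, the string later handed to the bind is the new user's password, which the directory rejects.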