Re: NDS password change (by user).

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hi Jim,

Thanks for that - I got the code and will have a look at it later today.
Yes, I am stuck using NDS 8 (NW 5.1) and not eDirectory (nothing I can
do about this one), so hence the delete/replace. The code snippit is
done using an authenticated bind and fails even though the LDIF change
works. I will still run into the problems you mention with password
expiry etc. but am curious as to why the LDIF worked and the perl-ldap
given didn't? From watching traffic on the wire, the ldapmodify sent
very different information to the perl-ldap code (which didn't seem to
send the pattern "oldpass"). Can someone tell me what I'm doing
differently from the LDIF?

Thanks,

Fergus.

Jim Harle wrote:
> 
> There are a few issues here.  In earler versions of NDS (before
> eDirectory), it was necessary to delete and add, newer versions can /?
> need to use replace.  Second, are you sure you sure you did an
> authenticated bind with the user's DN and password?  It won't work with an
> anonymous bind.  Third, we found that NDS doesn't automatically update
> loginGraceRemaining and passwordExpirationTime so we needed to do a bind
> with an admin DN and password to make that happen.  I will send you code
> off-list.
>   --Jim Harle
> 
> On Fri, 19 Oct 2001 ma...@mj... wrote:
> 
> > You don't have to delete the password first. You should just be able
> > to do a replace.
> >
> > So try something like:
> > $ldap->modify($dn,replace => { 'userpassword' => 'newpass' });
> >
> > Mark
> >
> > On 19 Oct 01, at 9:49, Fergus Donohue wrote:
> >
> > > Hi all,
> > >
> > > Question for ye about a user changing their password in NDS (using
> > > LDAP of course). The following ldif run with ldapmodify -h ldap.svr -D
> > > "cn=fdtest,ou=staff,o=org" -w oldpass -f chpass.ldif lets the user
> > > fdtest change their password.
> > >
> > > dn: cn=fdtest,ou=Staff,o=ORG
> > > changetype: modify
> > > delete: userPassword
> > > userPassword: oldpass
> > > -
> > > replace: userPassword
> > > userPassword: newpass
> > > -
> > >
> > > I'm trying in vain to get perl-ldap to do the same, can anyone tell me
> > > where I'm going wrong? This is what I've got at the moment (after a
> > > successful bind) and I get an LDAP error 53 (Server unwilling to
> > > perform), which I assume is to do with perl-ldap not sending the same
> > > request as ldapmodify.
> > >
> > >  $result = $ldap->modify($dn,
> > >                 changes => [
> > >                         delete => [ userPassword => "$oldpass" ],
> > >                         replace => [ userPassword => "$newpass" ]
> > >                 ]
> > >         );
> > >
> > > Anyone any ideas?
> > > Thanks,
> > > Fergus.
> > >
> > >
> > >
> >
> >
> > Mark Wilcox
> > ma...@mj...
> > Got LDAP?
> >