OpenLDAP Password Change

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
alief
Posts: 1
Joined: Sat Mar 28, 2020 1:59 am

OpenLDAP Password Change

Postby alief » Sat Mar 28, 2020 2:17 am

i am using openLDAP as external authentication. everything is running well. i also can change openLDAP account password using the ldappasswd command.
the problem is when i try to change password in web password change, there is no error message but the password did not change.
i have tried to use ADPassword extension but it didnt work, i got this message in mailbox.log :

Code: Select all

2020-03-28 01:51:21,287 WARN  [qtp1027591600-1195://localhost:8080/service/soap/ChangePasswordRequest] [ua=zclient/8.8.15_GA_3918;soapId=60a90825;] SoapEngine - handler exception
com.zimbra.common.service.ServiceException: permission denied: javax.naming.directory.InvalidAttributeIdentifierException: [LDAP: error code 17 - UnicodePwd: attribute type undefined]; remaining name 'cn=adikhsan,ou=people,dc=myweb,dc=net'
ExceptionId:qtp1027591600-1195://localhost:8080/service/soap/ChangePasswordRequest:1585360281287:a89ccfceea9ade8d
Code:service.PERM_DENIED


i realy appriciate your help.


ahrockz1
Posts: 4
Joined: Mon Mar 11, 2019 8:38 am

Re: OpenLDAP Password Change

Postby ahrockz1 » Sun Mar 29, 2020 1:46 pm

Hi,

Wow, did you use another zimbra as openLDAP or another kind of mail server?

I tried many times on a zimbra server but i failded to connect to zimbra LDAP itself to a gateway server.
Do you have a guide for this?

Sorry, for your question i cannot help.
User avatar
DualBoot
Elite member
Elite member
Posts: 1228
Joined: Mon Apr 18, 2016 8:18 pm
Location: France - Earth
ZCS/ZD Version: ZCS FLOSS - 8.8.15 Mutli servers
Contact:

Re: OpenLDAP Password Change

Postby DualBoot » Mon Mar 30, 2020 8:09 am

Hello,

I think there is compatibility problem between ADPasword Zimlet and OpenLDAP :
LDAP: error code 17 - UnicodePwd: attribute type undefined

From my own opinion changing password from Zimbra when using an external authentication server
is no a good practise.
I prefer using a dedicated portal like this one https://github.com/ltb-project/self-service-password


Regards,
Lewis-H
Posts: 49
Joined: Wed Jan 01, 2020 11:28 am
Contact:

Re: OpenLDAP Password Change

Postby Lewis-H » Mon Mar 30, 2020 4:53 pm

We can use the ldappasswd tool to modify user account passwords. To change your password, you will need to bind to an LDAP user entry and authenticate with the current password. This follows the same general syntax as the other OpenLDAP tools.
nathanr801
Posts: 1
Joined: Tue May 05, 2020 9:50 pm

Re: OpenLDAP Password Change

Postby nathanr801 » Tue May 05, 2020 9:58 pm

The -problem- appears to be with line 80 in the ADConnection.java. If your OpenLDAP password attribute is "userPassword" instead of "UnicodePwd" you could probably just replace the attribute name and put in the new password instead of the converted password. Replace:

LINE 80: mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("UnicodePwd", pwdArray));

with...

LINE 80: mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("userPassword", password));

A contributor for the adpassword might be able to confirm.

Return to “Administrators”

Who is online

Users browsing this forum: No registered users and 9 guests