OpenLDAP Password Change

alief
Posts: 1
Joined: Sat Mar 28, 2020 1:59 am

OpenLDAP Password Change

Post by alief »

I am using OpenLDAP as external authentication. Everything is running well. I can also change the OpenLDAP account password using the ldappasswd command.
The problem is that when I try to change the password in the web password change, there is no error message but the password does not change.
I have tried to use the ADPassword extension but it didn't work; I got this message in mailbox.log:

Code: Select all

2020-03-28 01:51:21,287 WARN  [qtp1027591600-1195://localhost:8080/service/soap/ChangePasswordRequest] [ua=zclient/8.8.15_GA_3918;soapId=60a90825;] SoapEngine - handler exception
com.zimbra.common.service.ServiceException: permission denied: javax.naming.directory.InvalidAttributeIdentifierException: [LDAP: error code 17 - UnicodePwd: attribute type undefined]; remaining name 'cn=adikhsan,ou=people,dc=myweb,dc=net'
ExceptionId:qtp1027591600-1195://localhost:8080/service/soap/ChangePasswordRequest:1585360281287:a89ccfceea9ade8d
Code:service.PERM_DENIED
I really appreciate your help.
DualBoot
Elite member
Posts: 1326
Joined: Mon Apr 18, 2016 8:18 pm
Location: France - Earth
ZCS/ZD Version: ZCS FLOSS - 8.8.15 Multi servers

Re: OpenLDAP Password Change

Post by DualBoot »

Hello,

I think there is a compatibility problem between the ADPassword Zimlet and OpenLDAP:
LDAP: error code 17 - UnicodePwd: attribute type undefined

In my own opinion, changing the password from Zimbra when using an external authentication server
is not a good practice.
I prefer using a dedicated portal like this one https://github.com/ltb-project/self-service-password


Regards,
Lewis-H
Posts: 49
Joined: Wed Jan 01, 2020 11:28 am

Re: OpenLDAP Password Change

Post by Lewis-H »

We can use the ldappasswd tool to modify user account passwords. To change your password, you will need to bind to an LDAP user entry and authenticate with the current password. This follows the same general syntax as the other OpenLDAP tools.
nathanr801
Posts: 6
Joined: Tue May 05, 2020 9:50 pm

Re: OpenLDAP Password Change

Post by nathanr801 »

The -problem- appears to be with line 80 in the ADConnection.java. If your OpenLDAP password attribute is "userPassword" instead of "UnicodePwd" you could probably just replace the attribute name and put in the new password instead of the converted password. Replace:

LINE 80: mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("UnicodePwd", pwdArray));

with...

LINE 80: mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("userPassword", password));
Last edited by nathanr801 on Wed Jun 24, 2020 3:25 pm, edited 1 time in total.
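
The attribute difference described in the post above, as an added example that is not part of the original posts or of the ADPassword extension: Active Directory takes a quoted UTF-16LE value in unicodePwd, while OpenLDAP takes the unconverted value in userPassword. The class, enum and method names are hypothetical, and the password is a constructed sample.

```java
import java.nio.charset.StandardCharsets;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;

// Added illustration; class and method names are hypothetical, not from ADConnection.java.
public class PasswordModExample {

    enum DirectoryType { ACTIVE_DIRECTORY, OPENLDAP }

    // Active Directory expects the new password wrapped in double quotes and
    // encoded as UTF-16LE bytes in the unicodePwd attribute.
    static byte[] adEncode(String password) {
        return ("\"" + password + "\"").getBytes(StandardCharsets.UTF_16LE);
    }

    // Build the single REPLACE modification for the target directory type.
    static ModificationItem[] buildPasswordMods(DirectoryType type, String password) {
        if (password == null || password.isEmpty()) {
            throw new IllegalArgumentException("new password must not be empty");
        }
        BasicAttribute attr;
        if (type == DirectoryType.ACTIVE_DIRECTORY) {
            attr = new BasicAttribute("unicodePwd", adEncode(password));
        } else {
            // OpenLDAP's schema has no unicodePwd (hence error code 17);
            // userPassword takes the value unconverted. A plain modify stores
            // what it is given, so hashing depends on server configuration.
            attr = new BasicAttribute("userPassword", password);
        }
        return new ModificationItem[] {
            new ModificationItem(DirContext.REPLACE_ATTRIBUTE, attr)
        };
    }

    public static void main(String[] args) throws Exception {
        String sample = "S3cret!"; // constructed sample value
        for (DirectoryType t : DirectoryType.values()) {
            ModificationItem mod = buildPasswordMods(t, sample)[0];
            Object value = mod.getAttribute().get();
            String shown = (value instanceof byte[])
                ? ((byte[]) value).length + " bytes (quoted UTF-16LE)"
                : "String of length " + ((String) value).length();
            System.out.println(t + ": " + mod.getAttribute().getID() + " <- " + shown);
        }
        // The caller would pass the array to DirContext.modifyAttributes(dn, mods).
    }
}
```
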
nathanr801
Posts: 6
Joined: Tue May 05, 2020 9:50 pm

Re: OpenLDAP Password Change

Post by nathanr801 »

Confirmed working on 8.8.15_P10 with ADPassword 0.0.7