Generic LDAP password management

ric_
New Contributor

Hi all,

I've configured my LDAP (Linux based) in LDAPS, and I want to manage the change password in SA.

For authentication I use a custom attribute "mail". I've configured the auth server in SA to use LDAPS and I've inserted the ADMIN DN information, but when I try to change the password I get the error "Could not change password.".

The version of IVE OS is 6.3R1 (build 13557).

What else can I check?

Thanks

3 REPLIES
muttbarker_
Valued Contributor

Re: Generic LDAP password management

Hmm - I use the exact same setup on one of my test realms - users login and authenticate with an email address against an LDAP directory using LDAPS. I just tested the change password option and it worked fine.

Policy trace and logging don't show any of the interaction that occurs between the SSL box and the LDAP box. Have you tried running a TCPDump against the session in question to see what error is being returned from the LDAP server?

Pain to read but probably your most effective tool for debugging.

ric_
New Contributor

Re: Generic LDAP password management

Kevin, I don't have much experience with LDAP; in this case we use OpenLDAP and OpenSSL for the certificate.

I've done a tcpdump and I see that there is only an "Encrypted alert" sent from SA to LDAP, but I can see kind of this alert.

I have a doubt: on my SA, do I need a certificate from the same CA as LDAPS?

muttbarker_
Valued Contributor

Re: Generic LDAP password management

You don't need to place a cert on the SSL box for LDAPS. I use Win2K3 for my LDAP and don't have much experience with OpenLDAP.

I ran a couple of tests on my box and did not see the message you found in your dump.

As I am using a lab box for this I would be glad to send you a dump of a "clean" password change if you thought it would help.