6.0.0-git
2019-05-19

[#8192] smbldap: error changing password
Summary smbldap: error changing password
Queue Passwd
Queue Version 3.1
Type Bug
State Resolved
Priority 2. Medium
Owners jan (at) horde (dot) org
Requester pedretti (at) eco (dot) unibs (dot) it
Created 2009-04-14 (3687 days ago)
Due
Updated 2009-08-20 (3559 days ago)
Assigned 2009-08-18 (3561 days ago)
Resolved 2009-08-20 (3559 days ago)
Milestone 3.1.2
Patch No

History
2009-08-20 15:15:19 Jan Schneider Comment #12
State ⇒ Resolved
Reply to this comment
Okay, I consider this bug closed then.
2009-08-20 09:50:24 pedretti (at) eco (dot) unibs (dot) it Comment #11 Reply to this comment
Why would you want to disable resetting of the shadowlastchange
attribute, if you use it. Or asked differently: why do you have
shadowlastchange attributes if you don't use them?
Well, yes, I granted write to it only to the admin user, when changing 
password with its privilege. It make sense to enable write to it to 
self users.
2009-08-19 21:03:49 Jan Schneider Comment #10 Reply to this comment
Why would you want to disable resetting of the shadowlastchange 
attribute, if you use it. Or asked differently: why do you have 
shadowlastchange attributes if you don't use them?
2009-08-19 14:31:01 pedretti (at) eco (dot) unibs (dot) it Comment #9 Reply to this comment
OK, I found the problem: passwd 3.0.1 inside ldap.php try to change 
only the "userPassword" ldap attribute when using smbldap backend.



With 3.1.2 it also try to update the "shadowLastChange" ldap attribute 
which I was denying to self users.



With 3.1.2 is possible to disable the "shadowLastChange" attribute but 
only for the ldap backend, not for the smbldap.



To fix this what about merging smbldap backend inside the ldap one, 
where the smb attributes are enabled only if they are uncommented?
2009-08-19 10:41:44 Jan Schneider Comment #8 Reply to this comment
What *is* your configuration actually?

And can you try to debug this on your own? Maybe the binding doesn't 
work the same like in Passwd 3.0.
2009-08-19 10:10:23 pedretti (at) eco (dot) unibs (dot) it Comment #7 Reply to this comment
Well, these are at least no errors from Horde anymore. It's exactly
what the error message says: you don't have sufficient permissions to
update the LDAP attributes.
That's really strange, because with passwd 3.0.1 and the same 
configuration it's working fine.
2009-08-19 08:40:57 Jan Schneider Comment #6 Reply to this comment
Well, these are at least no errors from Horde anymore. It's exactly 
what the error message says: you don't have sufficient permissions to 
update the LDAP attributes.
2009-08-19 08:17:43 pedretti (at) eco (dot) unibs (dot) it Comment #5 Reply to this comment
Please try what I committed.
I tried the FRAMEWORK_3 branch: it still does not work but some 
warnings are gone:



same error message:

* ErrorFailure in changing password for Account Economia: Insufficient access





php warnings:

Warning: ldap_mod_replace() [function.ldap-mod-replace]: Modify: 
Insufficient access in /var/www/horde/passwd/lib/Driver/ldap.php on 
line 209



Warning: Cannot modify header information - headers already sent by 
(output started at /var/www/horde/passwd/lib/Driver/ldap.php:209) in 
/var/www/horde/passwd/templates/common-header.inc on line 4



Warning: Cannot modify header information - headers already sent by 
(output started at /var/www/horde/passwd/lib/Driver/ldap.php:209) in 
/var/www/horde/passwd/templates/common-header.inc on line 5
2009-08-18 12:27:36 Jan Schneider Comment #4
Taken from Horde DevelopersHorde Developers
State ⇒ Feedback
Milestone ⇒ 3.1.2
Reply to this comment
Please try what I committed.
2009-04-16 22:19:35 Jan Schneider Assigned to Jan Schneider
Assigned to Horde DevelopersHorde Developers
State ⇒ Assigned
Priority ⇒ 2. Medium
Milestone ⇒ 3.1.1
 
2009-04-14 13:40:11 pedretti (at) eco (dot) unibs (dot) it Comment #1
Type ⇒ Bug
State ⇒ Unconfirmed
Priority ⇒ 1. Low
Summary ⇒ smbldap: error changing password
Queue ⇒ Passwd
Milestone ⇒
Patch ⇒ No
Reply to this comment
Every time I try to change password after having configured the 
smbldap backend I get this message from Passwd:

     * ErrorFailure in changing password for Account Economia: 
Insufficient access



and these php warnings:

Warning: Missing argument 2 for Passwd_Driver_smbldap::_lookupdn(), 
called in /var/www/horde/passwd/lib/Driver/ldap.php on line 145 and 
defined in /var/www/horde/passwd/lib/Driver/smbldap.php on line 141



Notice: Undefined variable: passw in 
/var/www/horde/passwd/lib/Driver/smbldap.php on line 151



Warning: ldap_mod_replace() [function.ldap-mod-replace]: Modify: 
Insufficient access in /var/www/horde/passwd/lib/Driver/ldap.php on 
line 201



Warning: Cannot modify header information - headers already sent by 
(output started at /var/www/horde/passwd/lib/Driver/smbldap.php:141) 
in /var/www/horde/passwd/templates/common-header.inc on line 4



Warning: Cannot modify header information - headers already sent by 
(output started at /var/www/horde/passwd/lib/Driver/smbldap.php:141) 
in /var/www/horde/passwd/templates/common-header.inc on line 5



This is what I have in passwd backends.php:



$backends['smbldap'] = array(

     'name' => 'Account My Domain',

     'preferred' => 'www.example.com',

     'password policy' => array(

         'minLength' => 3,

         'maxLength' => 32

     ),

     'driver' => 'smbldap',

     'params' => array(

         'host' => 'ldap.my.domain.it',

         'port' => 389,

         'basedn' => 'ou=People,dc=my,dc=domain,dc=it',

         'uid' => 'uid',

         // This will be appended to the username when looking for the userdn.

         'realm' => '',

         'encryption' => 'crypt',

         // Make sure the host == cn in the server certificate.

         'tls' => false,

         // If any of the following attributes are commented out, they

         // won't be set on the LDAP server.

         'lm_attribute' => 'sambaLMPassword',

         'nt_attribute' => 'sambaNTPassword',

//        'pw_set_attribute' => 'sambaPwdLastSet',

//        'pw_expire_attribute' => 'sambaPwdMustChange',

          // The number of days until samba passwords expire. If this

          // is commented out, passwords will never expire.

//        'pw_expire_time' => 180,

     )

);

Saved Queries