[Freeipa-users] changing password on user using ldappasswd

Martin Kosek mkosek at redhat.com
Wed Jan 6 11:17:49 UTC 2016 

On 01/06/2016 09:59 AM, FE9817 FE-DDIS.DK wrote:
> Hi,
> 
> Im trying to change password for a user, using ldap, but it hangs. Here is what is done.
> 
> :~$ ldappasswd -h idm.com -ZZ -p 636 -x -D "uid=admin,cn=users,cn=accounts,dc=com" -W -S "uid=test000,cn=users,cn=accounts,dc=com" -d9 -v -A
> Old password:
> Re-enter old password:
> New password:
> Re-enter new password:
> ldap_initialize( ldap://idm.com:636 )
> ldap_create
> ldap_url_parse_ext(ldap://idm.com:636)
> ldap_extended_operation_s
> ldap_extended_operation
> ldap_send_initial_request
> ldap_new_connection 1 1 0
> ldap_int_open_connection
> ldap_connect_to_host: TCP idm.com:636
> ldap_new_socket: 3
> ldap_prepare_socket: 3
> ldap_connect_to_host: Trying 10.10.10.10:636
> ldap_pvt_connect: fd: 3 tm: -1 async: 0
> ldap_open_defconn: successful
> ldap_send_server_request
> ber_scanf fmt ({it) ber:
> ber_scanf fmt ({) ber:
> ber_flush2: 31 bytes to sd 3
> ldap_result ld 0x7fc7f40de370 msgid 1
> wait4msg ld 0x7fc7f40de370 msgid 1 (infinite timeout)
> wait4msg continue ld 0x7fc7f40de370 msgid 1 all 1
> ** ld 0x7fc7f40de370 Connections:
> * host: idm01.dap.cfcs.dk  port: 636  (default)
>   refcnt: 2  status: Connected
>   last used: Wed Jan  6 09:29:43 2016
> 
> 
> ** ld 0x7fc7f40de370 Outstanding Requests:
>  * msgid 1,  origid 1, status InProgress
>    outstanding referrals 0, parent count 0
>   ld 0x7fc7f40de370 request count 1 (abandoned 0)
> ** ld 0x7fc7f40de370 Response Queue:
>    Empty
>   ld 0x7fc7f40de370 response count 0
> ldap_chkResponseList ld 0x7fc7f40de370 msgid 1 all 1
> ldap_chkResponseList returns ld 0x7fc7f40de370 NULL
> ldap_int_select
> 
> It works when using kpasswd, but not ldappasswd. Any suggestions?

I had similar problem when kadmin did not start fully because of low entropy on
my VM, I wonder if this is your case as well. You can find out with

# systemctl status kadmin.service

But I am surprised that kadmin password change works and ldappasswd does not.
This would mean that "ipa passwd" command is also not working as it uses LDAP
way also.

More information about the Freeipa-users mailing list