[Ltb-users] [ltb-dev] Self Service Password is not working

Ramesh Kumar ramesh at slideshare.com
Tue Oct 9 13:03:06 CEST 2012


It worked for me. I can change the password from the GUI after changing the shadow last change to false:

$shadow_options['update_shadowLastChange'] = false;


Thanks
Ramesh


On Oct 9, 2012, at 3:07 PM, Clément OUDOT wrote:

> 2012/10/9 Ramesh Kumar <ramesh at slideshare.com>:
>> Please find the config.inc.php file and complete logs while I am trying to
>> change the password from GUI.
>> 
>> <?php
>> #==============================================================================
>> # LTB Self Service Password
>> #
>> # Copyright (C) 2009 Clement OUDOT
>> # Copyright (C) 2009 LTB-project.org
>> #
>> # This program is free software; you can redistribute it and/or
>> # modify it under the terms of the GNU General Public License
>> # as published by the Free Software Foundation; either version 2
>> # of the License, or (at your option) any later version.
>> #
>> # This program is distributed in the hope that it will be useful,
>> # but WITHOUT ANY WARRANTY; without even the implied warranty of
>> # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
>> # GNU General Public License for more details.
>> #
>> # GPL License: http://www.gnu.org/licenses/gpl.txt
>> #
>> #==============================================================================
>> 
>> #==============================================================================
>> # Configuration
>> #==============================================================================
>> # LDAP
> ...
>> 
>> # Active Directory mode
>> # true: use unicodePwd as password field
>> # false: LDAPv3 standard behavior
>> $ad_mode = true;
>> # Force account unlock when password is changed
>> $ad_options['force_unlock'] = true;
>> # Force user change password at next login
>> $ad_options['force_pwd_change'] = false;
>> 
>> # Samba mode
>> # true: update sambaNTpassword and sambaPwdLastSet attributes too
>> # false: just update the password
>> # Warning: this require mhash() to be installed on your system
>> $samba_mode = false;
>> 
>> # Shadow options - require shadowAccount objectClass
>> # Update shadowLastChange
>> $shadow_options['update_shadowLastChange'] = true;
>> 
>> # Hash mechanism for password:
>> # SSHA
>> # SHA
>> # SMD5
>> # MD5
>> # CRYPT
>> # clear (the default)
>> # This option is not used with ad_mode = true
>> $hash = "SSHA";
>> 
>> # Local password policy
>> # This is applied before directory password policy
>> # Minimal length
>> $pwd_min_length = 10;
>> # Maximal length
>> $pwd_max_length = 1;
>> # Minimal lower characters
>> $pwd_min_lower = 1;
>> # Minimal upper characters
>> $pwd_min_upper = 1;
>> # Minimal digit characters
>> $pwd_min_digit = 1;
>> # Minimal special characters
>> $pwd_min_special = 1;
>> # Definition of special characters
>> $pwd_special_chars = "^a-zA-Z0-9";
>> # Forbidden characters
>> #$pwd_forbidden_chars = "@%";
>> # Don't reuse the same password as currently
>> $pwd_no_reuse = true;
>> # Complexity: number of different class of character required
>> $pwd_complexity = 2;
>> # Show policy constraints message:
>> # always
>> # never
>> # onerror
>> $pwd_show_policy = "onerror";
>> 
>> # Who changes the password?
>> # Also applicable for question/answer save
>> # user: the user itself
>> # manager: the above binddn
>> $who_change_password = "user";
>> 
>> ## Questions/answers
>> # Use questions/answers?
>> # true (default)
>> # false
>> $use_questions = false;
>> 
>> # Answer attribute should be hidden to users!
>> $answer_objectClass = "extensibleObject";
>> $answer_attribute = "info";
>> 
>> # Extra questions (built-in questions are in lang/$lang.inc.php)
>> #$messages['questions']['ice'] = "What is your favorite ice cream flavor?";
>> 
>> ## Token
>> # Use tokens?
>> # true (default)
>> # false
>> $use_tokens = true;
>> # Crypt tokens?
>> # true (default)
>> # false
>> $crypt_tokens = true;
>> # Token lifetime in seconds
>> $token_lifetime = "3600";
>> 
>> ## Mail
>> # LDAP mail attribute
>> $mail_attribute = "mail";
>> # Who the email should come from
>> $mail_from = "admin at temporary.net";
>> # Notify users anytime their password is changed
>> $notify_on_change = true;
>> 
>> # Display help messages
>> $show_help = true;
>> 
>> # Language
>> $lang ="en";
>> 
>> # Logo
>> $logo = "style/ltb-logo.png";
>> 
>> # Debug mode
>> $debug = true;
>> 
>> # Encryption, decryption keyphrase
>> $keyphrase = "secret";
>> 
>> # Where to log password resets - Make sure apache has write permission
>> # By default, they are logged in Apache log
>> $reset_request_log = "/var/log/self-service-password";
>> 
>> ## CAPTCHA
>> # Use Google reCAPTCHA (http://www.google.com/recaptcha)
>> # Go on the site to get public and private key
>> $use_recaptcha = false;
>> $recaptcha_publickey = "";
>> $recaptcha_privatekey = "";
>> # Customize theme (see http://code.google.com/intl/de-DE/apis/recaptcha/docs/customization.html)
>> # Examples: red, white, blackglass, clean
>> $recaptcha_theme = "white";
>> 
>> ?>
>> 
>> 
>> ############# LOGS ###########
>> ==> httpd/ssp_access_log <==
>> 192.168.6.76 - - [09/Oct/2012:14:58:08 +0530] "POST / HTTP/1.1" 200 2011
>> "http://192.168.6.180/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4)
>> AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
>> 
>> ==> httpd/ssp_error_log <==
>> [Tue Oct 09 14:58:08 2012] [error] [client 192.168.6.76] PHP Warning:
>> ldap_get_values() [<a
>> href='function.ldap-get-values'>function.ldap-get-values</a>]: Cannot get
>> the value(s) of attribute Decoding error in
>> /usr/share/self-service-password/pages/change.php on line 116, referer:
>> http://192.168.6.180/
>> [Tue Oct 09 14:58:08 2012] [error] [client 192.168.6.76] PHP Warning:
>> preg_match_all() [<a
>> href='function.preg-match-all'>function.preg-match-all</a>]: Compilation
>> failed: missing terminating ] for character class at offset 2 in
>> /usr/share/self-service-password/lib/functions.inc.php on line 153, referer:
>> http://192.168.6.180/
>> 
>> ##############################
>> 
>> On GUI, it says: "Your password is too big"
>> 
> 
> See this parameter:
> 
> $pwd_max_length = 1;
> 
> Set it to 0 to remove max size test.
> 
> You also need to set ad_mode to false.
> 
> Please take a look at the documentation where all parameters are
> described: http://ltb-project.org/wiki/documentation/self-service-password/latest/start
> 
> Clément.
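
The misconfiguration discussed in this thread can be caught before a user ever sees "Your password is too big". The following is an added example, not code from the thread or from the LTB project: `lint_ssp_policy()` is a hypothetical helper, and the `$quoted` array is constructed from the values in the quoted config.inc.php.

```php
<?php
// Added example: lint the local password policy and directory-mode settings.
// lint_ssp_policy() is hypothetical; it is not part of Self Service Password.
function lint_ssp_policy(array $c): array
{
    $findings = [];
    $min = (int)($c['pwd_min_length'] ?? 0);
    $max = (int)($c['pwd_max_length'] ?? 0);   // 0 removes the max size test

    if ($max > 0 && $max < $min) {
        $findings[] = "pwd_max_length ($max) < pwd_min_length ($min): no password "
                    . "can pass both tests; set pwd_max_length to 0 or >= $min";
    }

    // The per-class minimums must also fit under the maximum length.
    $need = 0;
    foreach (['lower', 'upper', 'digit', 'special'] as $class) {
        $need += (int)($c['pwd_min_' . $class] ?? 0);
    }
    if ($max > 0 && $need > $max) {
        $findings[] = "character-class minimums need $need characters, "
                    . "but pwd_max_length is $max";
    }

    // ad_mode writes unicodePwd; shadowLastChange belongs to shadowAccount
    // entries. Both enabled at once suggests the wrong directory mode.
    $shadow = !empty($c['shadow_options']['update_shadowLastChange']);
    if (!empty($c['ad_mode']) && $shadow) {
        $findings[] = 'ad_mode is true but update_shadowLastChange is also true: '
                    . 'set ad_mode to false unless the directory is Active Directory';
    }
    if (!empty($c['ad_mode']) && ($c['hash'] ?? 'clear') !== 'clear') {
        $findings[] = 'hash is set but is not used while ad_mode is true';
    }
    return $findings;
}

// Constructed sample: the values from the quoted config.inc.php.
$quoted = [
    'ad_mode' => true, 'hash' => 'SSHA',
    'shadow_options' => ['update_shadowLastChange' => true],
    'pwd_min_length' => 10, 'pwd_max_length' => 1,
    'pwd_min_lower' => 1, 'pwd_min_upper' => 1,
    'pwd_min_digit' => 1, 'pwd_min_special' => 1,
];
foreach (lint_ssp_policy($quoted) as $finding) {
    echo "WARN: $finding\n";
}
```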


