[SOLVED] LDAP Constraint Violation while changing password

Posted 04-03-2012

Hello there,

I hope that I am posting in the right section here, please advise if I posted wrong.

I am currently trying to change passwords in our Active Directory environment via LDAP on Linux, since the users in question do not have access to a Windows machine and we want to keep it that way.
In order to change the password I am currently stuck figuring out how to use ldapmodify to do so. After a lot of reading on different sites/forums/newsgroups I am much more confused than before.

I try the following command to do so:
ldapmodify -f ldif.example -H ldaps://lab01-dc01.example.com -D 'CN=test,CN=users,DC=lab01,DC=example,DC=com' -x -W

The contents of the ldif.example:
dn: CN=test,CN=Users,DC=lab01,DC=example,DC=com
changetype: modify
delete: unicodePwd
unicodePwd:: V3VQdXV1STEyLg==
add: unicodePwd
unicodePwd:: QmxhVVVraTEyLg==

(Don't worry - those passwords are not used anywhere and it is not a production environment)

Now - every time I execute the command I get the following error:
modifying entry "CN=test,CN=Users,DC=lab01,DC=example,DC=com"
ldapmodify: Constraint violation (19)
 additional info: 0000216C: AtrErr: DSID-03190EB0, #1:
 0: 0000216C: DSID-03190EB0, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9005a (unicodePwd)

Now, from what I read, the reason for this error is either that the password is badly formatted or that the password policy doesn't allow the password I used. I checked the policy - multiple times now - and the new password definitely complies with the policy by all the criteria. If I set the password using a Windows machine it also works well (of course I changed the "oldpassword" and "newpassword" afterwards since I am not allowed by the policy to change to an earlier password). The password I enter after passing the "-W" option to ldapmodify is also definitely right, otherwise the error spit out by ldapmodify would be that I used invalid credentials instead of a constraint violation.
So - the sole reason I can think of is indeed a badly formatted password - but I can't figure out where the bad formatting should come from since I use the normal base64 algorithm to encode the password.

Has anyone an idea what is going on?
Can anyone push me in the right direction?

Help is very appreciated and I thank you in advance.

---------- Post updated 03-04-12 at 04:40 PM ---------- Previous update was 02-04-12 at 06:33 PM ----------

For future reference, if anyone should encounter similar problems:
The simple solution? Just use smbpasswd instead of ldap to change the password - that works flawlessly! I am really grumped that I didn't think of it before.

However - the way to change your password in Active Directory using Samba (on CentOS):
~# yum install samba
~# smbpasswd -r domaincontroller.example.com -U testuser1
Old SMB password:
New SMB password:
Retype new SMB password:
Password changed for user testuser1 on domaincontroller.example.com

And then you can login using the new password. Easy as that, really. This is considered as solved for me.

Last edited by henryford; 04-03-2012 at 12:41 PM.. Reason: [SOLVED]
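
Added example, not part of the original post: Active Directory expects `unicodePwd` to be the password wrapped in double quotes and encoded as UTF-16LE before the base64 step, so a value that is only base64 of the password text does not have that form. The Python below (function names are hypothetical; the checked value is the one from the LDIF in the post, the passwords in `__main__` are constructed) tests a value for that shape and builds a change LDIF with the `-` separators LDIF requires between the delete and add operations; it assumes a DN that needs no LDIF escaping.

```python
import base64

QUOTE = '"'.encode("utf-16-le")  # b'"\x00'


def encode_unicode_pwd(password: str) -> str:
    """Return base64 of the double-quoted password in UTF-16LE."""
    quoted = '"' + password + '"'
    return base64.b64encode(quoted.encode("utf-16-le")).decode("ascii")


def check_unicode_pwd(b64_value: str) -> str:
    """Classify a base64 unicodePwd value taken from an LDIF file."""
    raw = base64.b64decode(b64_value, validate=True)
    shaped = (len(raw) >= 4 and len(raw) % 2 == 0
              and raw.startswith(QUOTE) and raw.endswith(QUOTE))
    if not shaped:
        return "not quoted UTF-16LE"
    try:
        raw.decode("utf-16-le")
    except UnicodeDecodeError:
        return "invalid UTF-16LE"
    return "ok"


def password_change_ldif(dn: str, old: str, new: str) -> str:
    """Build a user-initiated change: delete the old value, add the new one."""
    return "\n".join([
        f"dn: {dn}",
        "changetype: modify",
        "delete: unicodePwd",
        f"unicodePwd:: {encode_unicode_pwd(old)}",
        "-",  # separator between modifications
        "add: unicodePwd",
        f"unicodePwd:: {encode_unicode_pwd(new)}",
        "-",
        "",
    ])


if __name__ == "__main__":
    # Value from the LDIF in the post: base64 of plain text, no quotes, no UTF-16LE.
    print(check_unicode_pwd("V3VQdXV1STEyLg=="))
    # Constructed lab passwords, for illustration only.
    print(password_change_ldif("CN=test,CN=Users,DC=lab01,DC=example,DC=com",
                               "Old-Example1.", "New-Example2."))
```

The generated file is passed to `ldapmodify -f` over `ldaps://` exactly as in the command shown in the post.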