Jakub, I took your advice and turned debugging to level 9, this is what I am seeing in the logs:
======================================================================================================= [root@some.server.com sssd]# tail -f sssd_LDAP.log | grep sdap_exop (Thu Sep 12 09:44:57 2013) [sssd[be[LDAP]]] [sdap_exop_modify_passwd_send] (0x0100): Executing extended operation (Thu Sep 12 09:44:57 2013) [sssd[be[LDAP]]] [sdap_exop_modify_passwd_send] (0x2000): ldap_extended_operation sent, msgid = 3 (Thu Sep 12 09:44:57 2013) [sssd[be[LDAP]]] [sdap_exop_modify_passwd_done] (0x0200): Server returned no controls. (Thu Sep 12 09:44:57 2013) [sssd[be[LDAP]]] [sdap_exop_modify_passwd_done] (0x0080): ldap_extended_operation result: Constraint violation(19), Failed to update password =======================================================================================================
Here is some more relevant log information:
======================================================================================================= [root@some.server.com sssd]# tail -f sssd_LDAP.log | grep sdap_exop (Thu Sep 12 09:44:57 2013) [sssd[be[LDAP]]] [sdap_exop_modify_passwd_send] (0x0100): Executing extended operation (Thu Sep 12 09:44:57 2013) [sssd[be[LDAP]]] [sdap_exop_modify_passwd_send] (0x2000): ldap_extended_operation sent, msgid = 3 (Thu Sep 12 09:44:57 2013) [sssd[be[LDAP]]] [sdap_exop_modify_passwd_done] (0x0200): Server returned no controls. (Thu Sep 12 09:44:57 2013) [sssd[be[LDAP]]] [sdap_exop_modify_passwd_done] (0x0080): ldap_extended_operation result: Constraint violation(19), Failed to update password
(Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [sdap_sys_connect_done] (0x0100): Executing START TLS (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [sdap_process_result] (0x2000): Trace: sh[0x90d340], connected[1], ops[0x9cb7d0], ldap[0x9e8030] (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_EXTENDED] (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [sdap_connect_done] (0x0080): START TLS result: Success(0), Start TLS request accepted.Server willing to negotiate SSL. (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [fo_set_port_status] (0x0100): Marking port 389 of server 'atl01osd110.vsi.com' as 'working' (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [set_server_common_status] (0x0100): Marking server 'atl01osd110.vsi.com' as 'working' (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x98db10
(Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x9e8cf0
(Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [ldb] (0x4000): Destroying timer event 0x9e8cf0 "ltdb_timeout"
(Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [ldb] (0x4000): Ending timer event 0x98db10 "ltdb_callback"
(Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [find_password_expiration_attributes] (0x4000): No password policy requested. (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [simple_bind_send] (0x0100): Executing simple bind as: uid=user1,ou=People,dc=some,dc=company,dc=com (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [simple_bind_send] (0x2000): ldap simple bind sent, msgid = 2 (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [sdap_process_result] (0x2000): Trace: sh[0x90d340], connected[1], ops[0x900e80], ldap[0x9e8030] (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [sdap_process_result] (0x2000): Trace: sh[0x90d340], connected[1], ops[0x900e80], ldap[0x9e8030] (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_BIND] (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [simple_bind_done] (0x2000): Server returned control [1.3.6.1.4.1.42.2.27.8.5.1]. (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [simple_bind_done] (0x1000): Password Policy Response: expire [346806] grace [-1] error [No error]. (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [simple_bind_done] (0x1000): Password will expire in [346806] seconds. (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [simple_bind_done] (0x2000): Server returned control [2.16.840.1.113730.3.4.5]. (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [simple_bind_done] (0x1000): Password will expire in [346806] seconds. (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [simple_bind_done] (0x0400): Bind result: Success(0), no errmsg set (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [auth_bind_user_done] (0x4000): Found ppolicy data, assuming LDAP password policies are active. (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [sdap_auth4chpass_done] (0x1000): user [uid=user1,ou=People,dc=some,dc=company,dc=com] successfully authenticated. (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [sdap_control_create] (0x0080): Server does not support the requested control [1.3.6.1.4.1.42.2.27.8.5.1]. (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [sdap_exop_modify_passwd_send] (0x0100): Executing extended operation (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [sdap_exop_modify_passwd_send] (0x2000): ldap_extended_operation sent, msgid = 3 (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [sdap_process_result] (0x2000): Trace: sh[0x90d340], connected[1], ops[0x9bf740], ldap[0x9e8030] (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [sdap_process_result] (0x2000): Trace: sh[0x90d340], connected[1], ops[0x9bf740], ldap[0x9e8030] (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_EXTENDED] (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [sdap_exop_modify_passwd_done] (0x0200): Server returned no controls. (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [sdap_exop_modify_passwd_done] (0x0080): ldap_extended_operation result: Constraint violation(19), Failed to update password
(Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [be_pam_handler_callback] (0x0100): Backend returned: (3, 12, <NULL>) [Internal Error (Authentication token is no longer valid; new one required)] (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [be_pam_handler_callback] (0x0100): Sending result [12][LDAP] (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [be_pam_handler_callback] (0x0100): Sent result [12][LDAP] (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [sdap_handle_release] (0x2000): Trace: sh[0x90d340], connected[1], ops[(nil)], ldap[0x9e8030], destructor_lock[0], release_memory[0] (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [remove_connection_callback] (0x4000): Successfully removed connection callback. =======================================================================================================
I noticed it says "Server does not support the requested control [1.3.6.1.4.1.42.2.27.8.5.1]" looking at my 389-ds schema my password policy OID = 2.16.840.1.113730.3.2.13, could this be the issue?
Thanks, Daniel B.
On 09/12/2013 10:02 AM, Bright, Daniel wrote:
Jakub, I took your advice and turned debugging to level 9, this is what I am seeing in the logs:
=======================================================================================================
[root@some.server.com sssd]# tail -f sssd_LDAP.log | grep sdap_exop
(Thu Sep 12 09:44:57 2013) [sssd[be[LDAP]]] [sdap_exop_modify_passwd_send] (0x0100): Executing extended operation
(Thu Sep 12 09:44:57 2013) [sssd[be[LDAP]]] [sdap_exop_modify_passwd_send] (0x2000): ldap_extended_operation sent, msgid = 3
(Thu Sep 12 09:44:57 2013) [sssd[be[LDAP]]] [sdap_exop_modify_passwd_done] (0x0200): Server returned no controls.
(Thu Sep 12 09:44:57 2013) [sssd[be[LDAP]]] [sdap_exop_modify_passwd_done] (0x0080): ldap_extended_operation result: Constraint violation(19), Failed to update password
=======================================================================================================
Here is some more relevant log information:
=======================================================================================================
[root@some.server.com sssd]# tail -f sssd_LDAP.log | grep sdap_exop
(Thu Sep 12 09:44:57 2013) [sssd[be[LDAP]]] [sdap_exop_modify_passwd_send] (0x0100): Executing extended operation
(Thu Sep 12 09:44:57 2013) [sssd[be[LDAP]]] [sdap_exop_modify_passwd_send] (0x2000): ldap_extended_operation sent, msgid = 3
(Thu Sep 12 09:44:57 2013) [sssd[be[LDAP]]] [sdap_exop_modify_passwd_done] (0x0200): Server returned no controls.
(Thu Sep 12 09:44:57 2013) [sssd[be[LDAP]]] [sdap_exop_modify_passwd_done] (0x0080): ldap_extended_operation result: Constraint violation(19), Failed to update password
(Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [sdap_sys_connect_done] (0x0100): Executing START TLS
(Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [sdap_process_result] (0x2000): Trace: sh[0x90d340], connected[1], ops[0x9cb7d0], ldap[0x9e8030]
(Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_EXTENDED]
(Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [sdap_connect_done] (0x0080): START TLS result: Success(0), Start TLS request accepted.Server willing to negotiate SSL.
(Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [fo_set_port_status] (0x0100): Marking port 389 of server 'atl01osd110.vsi.com' as 'working'
(Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [set_server_common_status] (0x0100): Marking server 'atl01osd110.vsi.com' as 'working'
(Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x98db10
(Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x9e8cf0
(Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [ldb] (0x4000): Destroying timer event 0x9e8cf0 "ltdb_timeout"
(Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [ldb] (0x4000): Ending timer event 0x98db10 "ltdb_callback"
(Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [find_password_expiration_attributes] (0x4000): No password policy requested.
(Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [simple_bind_send] (0x0100): Executing simple bind as: uid=user1,ou=People,dc=some,dc=company,dc=com
(Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [simple_bind_send] (0x2000): ldap simple bind sent, msgid = 2
(Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [sdap_process_result] (0x2000): Trace: sh[0x90d340], connected[1], ops[0x900e80], ldap[0x9e8030]
(Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing!
(Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [sdap_process_result] (0x2000): Trace: sh[0x90d340], connected[1], ops[0x900e80], ldap[0x9e8030]
(Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_BIND]
(Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [simple_bind_done] (0x2000): Server returned control [1.3.6.1.4.1.42.2.27.8.5.1].
(Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [simple_bind_done] (0x1000): Password Policy Response: expire [346806] grace [-1] error [No error].
(Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [simple_bind_done] (0x1000): Password will expire in [346806] seconds.
(Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [simple_bind_done] (0x2000): Server returned control [2.16.840.1.113730.3.4.5].
(Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [simple_bind_done] (0x1000): Password will expire in [346806] seconds.
(Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [simple_bind_done] (0x0400): Bind result: Success(0), no errmsg set
(Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [auth_bind_user_done] (0x4000): Found ppolicy data, assuming LDAP password policies are active.
(Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [sdap_auth4chpass_done] (0x1000): user [uid=user1,ou=People,dc=some,dc=company,dc=com] successfully authenticated.
(Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [sdap_control_create] (0x0080): Server does not support the requested control [1.3.6.1.4.1.42.2.27.8.5.1].
This is the problem. Please check your DS. On the SSSD side it was fixed in sssd-1.5.1-51.el6 so it might be something going on the DS configuration side.
(Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [sdap_exop_modify_passwd_send] (0x0100): Executing extended operation
(Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [sdap_exop_modify_passwd_send] (0x2000): ldap_extended_operation sent, msgid = 3
(Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [sdap_process_result] (0x2000): Trace: sh[0x90d340], connected[1], ops[0x9bf740], ldap[0x9e8030]
(Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing!
(Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [sdap_process_result] (0x2000): Trace: sh[0x90d340], connected[1], ops[0x9bf740], ldap[0x9e8030]
(Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_EXTENDED]
(Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [sdap_exop_modify_passwd_done] (0x0200): Server returned no controls.
(Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [sdap_exop_modify_passwd_done] (0x0080): ldap_extended_operation result: Constraint violation(19), Failed to update password
(Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [be_pam_handler_callback] (0x0100): Backend returned: (3, 12, <NULL>) [Internal Error (Authentication token is no longer valid; new one required)]
(Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [be_pam_handler_callback] (0x0100): Sending result [12][LDAP]
(Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [be_pam_handler_callback] (0x0100): Sent result [12][LDAP]
(Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [sdap_handle_release] (0x2000): Trace: sh[0x90d340], connected[1], ops[(nil)], ldap[0x9e8030], destructor_lock[0], release_memory[0]
(Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [remove_connection_callback] (0x4000): Successfully removed connection callback.
=======================================================================================================
I noticed it says “Server does not support the requested control [1.3.6.1.4.1.42.2.27.8.5.1]” looking at my 389-ds schema my password policy OID = 2.16.840.1.113730.3.2.13, could this be the issue?
Thanks,
Daniel B.
sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
On Thu, Sep 12, 2013 at 02:02:12PM +0000, Bright, Daniel wrote:
Jakub, I took your advice and turned debugging to level 9, this is what I am seeing in the logs:
======================================================================================================= [root@some.server.com sssd]# tail -f sssd_LDAP.log | grep sdap_exop (Thu Sep 12 09:44:57 2013) [sssd[be[LDAP]]] [sdap_exop_modify_passwd_send] (0x0100): Executing extended operation (Thu Sep 12 09:44:57 2013) [sssd[be[LDAP]]] [sdap_exop_modify_passwd_send] (0x2000): ldap_extended_operation sent, msgid = 3 (Thu Sep 12 09:44:57 2013) [sssd[be[LDAP]]] [sdap_exop_modify_passwd_done] (0x0200): Server returned no controls. (Thu Sep 12 09:44:57 2013) [sssd[be[LDAP]]] [sdap_exop_modify_passwd_done] (0x0080): ldap_extended_operation result: Constraint violation(19), Failed to update password =======================================================================================================
Here is some more relevant log information:
======================================================================================================= [root@some.server.com sssd]# tail -f sssd_LDAP.log | grep sdap_exop (Thu Sep 12 09:44:57 2013) [sssd[be[LDAP]]] [sdap_exop_modify_passwd_send] (0x0100): Executing extended operation (Thu Sep 12 09:44:57 2013) [sssd[be[LDAP]]] [sdap_exop_modify_passwd_send] (0x2000): ldap_extended_operation sent, msgid = 3 (Thu Sep 12 09:44:57 2013) [sssd[be[LDAP]]] [sdap_exop_modify_passwd_done] (0x0200): Server returned no controls. (Thu Sep 12 09:44:57 2013) [sssd[be[LDAP]]] [sdap_exop_modify_passwd_done] (0x0080): ldap_extended_operation result: Constraint violation(19), Failed to update password
(Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [sdap_sys_connect_done] (0x0100): Executing START TLS (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [sdap_process_result] (0x2000): Trace: sh[0x90d340], connected[1], ops[0x9cb7d0], ldap[0x9e8030] (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_EXTENDED] (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [sdap_connect_done] (0x0080): START TLS result: Success(0), Start TLS request accepted.Server willing to negotiate SSL. (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [fo_set_port_status] (0x0100): Marking port 389 of server 'atl01osd110.vsi.com' as 'working' (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [set_server_common_status] (0x0100): Marking server 'atl01osd110.vsi.com' as 'working' (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x98db10
(Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x9e8cf0
(Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [ldb] (0x4000): Destroying timer event 0x9e8cf0 "ltdb_timeout"
(Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [ldb] (0x4000): Ending timer event 0x98db10 "ltdb_callback"
(Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [find_password_expiration_attributes] (0x4000): No password policy requested. (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [simple_bind_send] (0x0100): Executing simple bind as: uid=user1,ou=People,dc=some,dc=company,dc=com (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [simple_bind_send] (0x2000): ldap simple bind sent, msgid = 2 (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [sdap_process_result] (0x2000): Trace: sh[0x90d340], connected[1], ops[0x900e80], ldap[0x9e8030] (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [sdap_process_result] (0x2000): Trace: sh[0x90d340], connected[1], ops[0x900e80], ldap[0x9e8030] (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_BIND] (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [simple_bind_done] (0x2000): Server returned control [1.3.6.1.4.1.42.2.27.8.5.1]. (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [simple_bind_done] (0x1000): Password Policy Response: expire [346806] grace [-1] error [No error]. (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [simple_bind_done] (0x1000): Password will expire in [346806] seconds. (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [simple_bind_done] (0x2000): Server returned control [2.16.840.1.113730.3.4.5]. (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [simple_bind_done] (0x1000): Password will expire in [346806] seconds. (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [simple_bind_done] (0x0400): Bind result: Success(0), no errmsg set (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [auth_bind_user_done] (0x4000): Found ppolicy data, assuming LDAP password policies are active. (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [sdap_auth4chpass_done] (0x1000): user [uid=user1,ou=People,dc=some,dc=company,dc=com] successfully authenticated. (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [sdap_control_create] (0x0080): Server does not support the requested control [1.3.6.1.4.1.42.2.27.8.5.1].
I don't think this control is marked as critical..
(Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [sdap_exop_modify_passwd_send] (0x0100): Executing extended operation (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [sdap_exop_modify_passwd_send] (0x2000): ldap_extended_operation sent, msgid = 3 (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [sdap_process_result] (0x2000): Trace: sh[0x90d340], connected[1], ops[0x9bf740], ldap[0x9e8030] (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [sdap_process_result] (0x2000): Trace: sh[0x90d340], connected[1], ops[0x9bf740], ldap[0x9e8030] (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_EXTENDED] (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [sdap_exop_modify_passwd_done] (0x0200): Server returned no controls. (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [sdap_exop_modify_passwd_done] (0x0080): ldap_extended_operation result: Constraint violation(19), Failed to update password
This seems to be the problem. "Constraint violation" usually means the password was deemed too weak or too short. Can you try with a stronger password?
btw the fact that the Constrain Violation error didn't bubble up all the way to the user is a bug that was fixed quite recently - https://fedorahosted.org/sssd/ticket/1827
(Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [be_pam_handler_callback] (0x0100): Backend returned: (3, 12, <NULL>) [Internal Error (Authentication token is no longer valid; new one required)] (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [be_pam_handler_callback] (0x0100): Sending result [12][LDAP] (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [be_pam_handler_callback] (0x0100): Sent result [12][LDAP] (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [sdap_handle_release] (0x2000): Trace: sh[0x90d340], connected[1], ops[(nil)], ldap[0x9e8030], destructor_lock[0], release_memory[0] (Thu Sep 12 09:54:50 2013) [sssd[be[LDAP]]] [remove_connection_callback] (0x4000): Successfully removed connection callback. =======================================================================================================
I noticed it says "Server does not support the requested control [1.3.6.1.4.1.42.2.27.8.5.1]" looking at my 389-ds schema my password policy OID = 2.16.840.1.113730.3.2.13, could this be the issue?
Thanks, Daniel B.
sssd-users@lists.fedorahosted.org
-
Bright, Daniel -
Dmitri Pal -
Jakub Hrozek