This article shows how to configure ldap-chpasswd, which is included in the SquirrelMail Change Password plugin. ldap-chpasswd can change an Active Directory or LDAP server password. If you have not yet installed this plugin, see the SquirrelMail Change Password Howto.

1. Make sure SSL is enabled on your Active Directory server. Active Directory requires this to change a user password over LDAPS.
2. If you have not yet configured the RPMForge yum repository, see Add RPMForge to your Yum repository.
3. Type in yum install perl perl-ldap from a terminal window. This will install the ldap-chpasswd prerequisites.
4. Go to the /usr/share/squirrelmail/plugins/change_passwd directory. Check that ldap-chpasswd runs by typing in ./ldap-chpasswd. You should see your autodetected settings.
5. If any of the autodetected settings are incorrect, copy the file ldap-chpasswd.cfg.sample and save it as ldap-chpasswd.cfg. Next edit the ldap-chpasswd.cfg file and set the correct values.
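6. Check your configuration by typing in ./ldap-chpasswd user password. Replace user and password with a valid Active Directory user name and password. You should see the distinguished name of the user. A password typed this way is saved in the shell history and is visible in the process list while the command runs, so prefer a test account for this check.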
7. Edit config.php and set $overridePathToChpasswd to ldap-chpasswd.

That’s it, you should now be able to change your Active Directory password from SquirrelMail. Visit the forum to ask for help or to give a comment.
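
A pre-flight check for step 1 and for a “Cannot connect to server” result in step 6, added here as an example (it is not part of the plugin or of ldap-chpasswd): it reports whether name resolution, the TCP connection to the LDAPS port, or the TLS handshake is the stage that fails. The function name check_ldaps, the 5-second timeout and the optional cafile argument are choices made for this example; port 636 is the standard LDAPS port.

```python
import socket
import ssl
import sys


def check_ldaps(host, port=636, timeout=5.0, cafile=None):
    """Return (stage, detail) for the first stage that fails, or ("ok", TLS version)."""
    # Stage 1: name resolution (the $hosts value must resolve from the mail server).
    try:
        family, kind, proto, _, addr = socket.getaddrinfo(
            host, port, type=socket.SOCK_STREAM)[0]
    except socket.gaierror as exc:
        return ("dns", str(exc))

    # Stage 2: TCP connect to the LDAPS port (firewall, wrong host, service down).
    sock = socket.socket(family, kind, proto)
    sock.settimeout(timeout)
    try:
        sock.connect(addr)
    except OSError as exc:
        sock.close()
        return ("tcp", str(exc))

    # Stage 3: TLS handshake with certificate verification. Pass cafile when the
    # domain controller's certificate was issued by an internal CA.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ("ok", tls.version())
    except ssl.SSLCertVerificationError as exc:
        return ("cert", exc.verify_message)
    except (ssl.SSLError, OSError) as exc:
        return ("tls", str(exc))


if __name__ == "__main__" and len(sys.argv) > 1:
    # Usage: python3 check_ldaps.py <host from $hosts>
    print(check_ldaps(sys.argv[1]))
```

A "cert" result means the server answered over TLS but its certificate chain or host name did not verify against the trust store on the SquirrelMail host.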
***
Posted on 5/19/2008 and last updated on 11/6/2009
Filed under Active Directory, SquirrelMail
October 25th, 2008 at 5:18 pm
Step 3 test OK, but error at step 6:
Cannot connect to server…. Why? Please help me.
November 11th, 2008 at 7:39 am
I followed all the steps mentioned on this site. I read and followed the manual in the file ldap-chpasswd.cfg, and I am sure that I filled it in right. But why do I always get a “cannot connect to server”? Please help. I will be very thankful. Regards.
November 11th, 2008 at 2:39 pm
Your host name was not auto detected, you have to configure it manually. Please see step 5.
November 11th, 2008 at 7:56 pm
Everything went well except the last part: ldap-chpasswd does not work, both in SquirrelMail and on the command line. The error is:
The request contains a value which does not meet with certain constraints.
This result can be returned as a consequence of
* The request was to add or modify a user password, and the password fails to
meet the criteria the server is configured to check. This could be that the
password is too short, or a recognizable word (e.g. it matches one of the
attributes in the users entry) or it matches a previous password used by
the same user.
* The request is a bind request to a user account that has been locked
‘ldap-chpasswd username password’ got no error. Can anyone help explain what the error above means?
November 12th, 2008 at 4:23 am
“Your host name was not auto detected, you have to configure it manually. Please see step 5.”
Sorry for my dumb question, what should I edit in the file ldap-chpasswd.cfg? I cannot find a hint about hostname in the file ldap-chpasswd.cfg.
Thank you for your help.
November 12th, 2008 at 12:55 pm
Hi terry,
Make sure that the new password meets whatever password policy has been configured in Active Directory. The password policies are:
Enforce password history
Maximum password age
Minimum password age
Minimum password length
Password must meet complexity requirements
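
The length and complexity settings in that list can be checked before the password is sent, as in this added example (not part of ldap-chpasswd or of the comment above). It follows Active Directory's documented complexity rule: three of five character classes, and no account name or display-name token of three or more characters. The function name and min_length=7 are assumptions for the example; password history and password age can only be judged by the domain controller.

```python
import re
import string


def precheck_ad_password(password, sam_account_name, display_name="", min_length=7):
    """Return a list of policy problems; an empty list means these checks pass."""
    problems = []

    # "Minimum password length": min_length is an assumed value, read the real
    # one from your domain's password policy.
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")

    # "Password must meet complexity requirements": at least 3 of 5 classes.
    classes = [
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c in string.digits for c in password),
        any(c in string.punctuation for c in password),
        # Alphabetic characters that are neither upper nor lower case.
        any(c.isalpha() and not c.isupper() and not c.islower() for c in password),
    ]
    if sum(classes) < 3:
        problems.append(f"only {sum(classes)} of 5 character classes used")

    lowered = password.lower()
    # The account name is compared as a whole; names under 3 characters are skipped.
    if len(sam_account_name) >= 3 and sam_account_name.lower() in lowered:
        problems.append("contains the account name")

    # The display name is split on , . - _ space # and tab; short tokens are skipped.
    for token in re.split(r"[,.\-_ #\t]+", display_name):
        if len(token) >= 3 and token.lower() in lowered:
            problems.append(f"contains display-name token {token!r}")

    return problems


if __name__ == "__main__":
    # Constructed sample values, not real accounts.
    print(precheck_ad_password("terry123", "terry", "Terry Smith"))
```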
November 12th, 2008 at 12:59 pm
Hi arkosaso,
You need to set $hosts and probably $domain. See ldap-chpasswd.cfg.sample for more details.
November 13th, 2008 at 6:01 pm
Hi,
Well, I set $hosts with the hostname of the AD server, and I set $domain with the domain.
I can ping the hostname of the AD from the Linux machine.
For the domain, should I write it in capital letters or not? Might that be the problem?
Thanks for your help!
November 15th, 2008 at 9:08 am
Hi arkosaso,
You’re right, the change password is no longer working in Active Directory. It turns out the SSL certificate was not even needed in the first place. Please download the new version, it should now work.
November 17th, 2008 at 2:59 am
Hi,
Thanks for your effort. But my next problem is that the site ‘change password’ doesn’t show up in the browser. Did I do something wrong? Or did I miss something? Thanks for your help!
November 18th, 2008 at 2:08 am
You may have deactivated the change password plugin.
If you would like to see it in the SquirrelMail login page, set $changePasswdInLogin = 1 in /usr/share/squirrelmail/plugins/change_passwd/config.php
January 7th, 2009 at 10:53 am
I received the same error as Terry’s:
The request contains a value which does not meet with certain constraints.
This result can be returned as a consequence of
* The request was to add or modify a user password, and the password fails to
meet the criteria the server is configured to check. This could be that the
password is too short, or a recognizable word (e.g. it matches one of the
attributes in the users entry) or it matches a previous password used by
the same user.
* The request is a bind request to a user account that has been locked.
Thank you very much.
January 7th, 2009 at 8:42 pm
Hi xuanpd,
Please see my reply to terry, comment #6