>> Hello
>>
>> I've installed an openldap as proxy in a DMZ for authentication
>> forwarding to an Active Directory.
>> The Proxy is used by a VPN gateway.
>>
>> That all works very well, but password change from client fails with
>> following error:
>>
>> slapd[30661]: conn=1001 op=5 do_modify
>> slapd[30661]: conn=1001 op=5 do_modify: dn (cn=XPTEST5,ou=Users,dc=myorg,dc=net)
>> slapd[30661]: >>> dnPrettyNormal: <cn=TEST5,ou=Users,dc=myorg,dc=net>
>> slapd[30661]: <<< dnPrettyNormal: <cn=TEST5,ou=Users,dc=myorg,dc=net>, <cn=xptest5,ou=users,dc=myorg,dc=net>
>> slapd[30661]: conn=1001 op=5 modifications:
>> slapd[30661]: delete: UnicodePwd
>> slapd[30661]: one value, length 26
>> slapd[30661]: add: UnicodePwd
>> slapd[30661]: one value, length 26
>> slapd[30661]: conn=1001 op=5 MOD dn="cn=TEST5,ou=Users,dc=myorg,dc=net"
>> slapd[30661]: conn=1001 op=5 MOD attr=UnicodePwd UnicodePwd
>> slapd[30661]: send_ldap_result: conn=1001 op=5 p=3
>> slapd[30661]: send_ldap_result: err=17 matched="" text="UnicodePwd: attribute type undefined"
>> slapd[30661]: send_ldap_response: msgid=6 tag=103 err=17
>> slapd[30661]: conn=1001 op=5 RESULT tag=103 err=17 text=UnicodePwd: attribute type undefined
>> slapd[30661]: daemon: activity on 1 descriptor
>> slapd[30661]: daemon: activity on:
>> slapd[30661]:
>> slapd[30661]: daemon: epoll: listen=7 active_threads=0 tvp=zero
>> slapd[30661]: daemon: activity on 1 descriptor
>> slapd[30661]: daemon: activity on:
>>
>> As I understand, UnicodePwd is a proprietary "standard" MS attribute
>> in AD to store the password but the RFC attribute is the userPassword.
>>
>> Is it possible, to get the proxy working to process this MOD request,
>> may be that openldap proxy pass through the MOD operation with the
>> attribute UnicodePwd from the VPN-gateway?
> [...]
>
> create a private schema with all relevant attribute types and object
> classes

Thanks, that worked!!!

Meike
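
To find which attribute types a private schema has to cover for a given client, the proxy's own log can be scanned for operations rejected with err=17. The following is an added example, not part of the original thread; it assumes the `conn=… op=… RESULT` line format shown in the trace above, and the conn=1002 and conn=1003 lines are constructed.

```python
import re
from collections import defaultdict

# First four lines are from the trace in the post (unwrapped); the conn=1002
# and conn=1003 lines are constructed to show a second attribute and a success.
SAMPLE_LOG = '''\
slapd[30661]: conn=1001 op=5 MOD dn="cn=TEST5,ou=Users,dc=myorg,dc=net"
slapd[30661]: conn=1001 op=5 MOD attr=UnicodePwd UnicodePwd
slapd[30661]: send_ldap_result: err=17 matched="" text="UnicodePwd: attribute type undefined"
slapd[30661]: conn=1001 op=5 RESULT tag=103 err=17 text=UnicodePwd: attribute type undefined
slapd[30661]: conn=1002 op=2 MOD dn="cn=TEST6,ou=Users,dc=myorg,dc=net"
slapd[30661]: conn=1002 op=2 RESULT tag=103 err=17 text=pwdLastSet: attribute type undefined
slapd[30661]: conn=1003 op=1 MOD dn="cn=TEST7,ou=Users,dc=myorg,dc=net"
slapd[30661]: conn=1003 op=1 RESULT tag=103 err=0 text=
'''

# "conn=N op=N KIND rest" lines only; do_modify/send_ldap_result lines do not match.
OP = re.compile(r"conn=(\d+) op=(\d+) (\w+) (.*)")
# err=17 is undefinedAttributeType; slapd names the offending attribute in text=.
UNDEF = re.compile(r"err=17 text=([\w;.-]+): attribute type undefined")
DN = re.compile(r'dn="([^"]*)"')


def undefined_attributes(log_text):
    """Map each attribute the proxy rejected as undefined to the target DNs."""
    dn_of = {}                      # (conn, op) -> DN seen on the request line
    missing = defaultdict(set)      # attribute (lower-cased) -> DNs affected
    for line in log_text.splitlines():
        m = OP.search(line)
        if not m:
            continue
        key, kind, rest = (m.group(1), m.group(2)), m.group(3), m.group(4)
        if kind == "RESULT":
            hit = UNDEF.search(rest)
            if hit:
                # Attribute names are case-insensitive in LDAP, so normalise.
                missing[hit.group(1).lower()].add(dn_of.get(key, "<unknown dn>"))
        else:
            d = DN.search(rest)
            if d:
                dn_of[key] = d.group(1)
    return {attr: sorted(dns) for attr, dns in missing.items()}


if __name__ == "__main__":
    for attr, dns in sorted(undefined_attributes(SAMPLE_LOG).items()):
        print(f"{attr}: missing from proxy schema, seen on {', '.join(dns)}")
```
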
