Ldappasswd with RootDN bind not working


I'm trying to change the password for user jdoe using ldappasswd via a RootDN bind. The executed command looks like

ldappasswd -H ldap:// -x -D "CN=ldap_manager,CN=Users,DC=mycompany,DC=local" -w ldap_manager_pswd -s newpasswd "CN=Jane Doe,DC=mycompany,DC=local"

but it throws an error

Result: Protocol error (2)
Additional info: 0000203D: LdapErr: DSID-0C090DA1, comment: Unknown extended request OID, data 0, v1db1

The bind works fine, as I can execute ldapsearch:

ldapsearch -H ldap:// -x -D "CN=ldap_manager,CN=Users,DC=mycompany,DC=local" -w ldap_manager_pswd "CN=Jane Doe"

Any tips on what I'm missing?

Best Answer

Just a few thoughts:

  • Does jdoe's collection of object classes support the field userPassword?
  • Do you have a password policy that requires you to enter the old password when changing to a new one?
  • Is CN=ldap_manager,CN=Users,DC=mycompany,DC=local allowed (via access rules) to view and/or change userPassword fields (for the user)?

Curious about your thoughts on these points!


Do you use AD or OpenLDAP? Please check whether the version of the software you use supports the LDAP Password Modify Extended Operation (see RFC 3062). I heard that some versions of AD do not support it.
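Added example (mine, not from the question or either answer) encoding the two request shapes the answer contrasts: the RFC 3062 Password Modify value that ldappasswd sends (the OID that AD reports as an unknown extended request) and the unicodePwd replace that AD expects instead. It uses only the standard library and builds bytes offline; the DN and password are the question's own sample values.

```python
# Added example: two wire formats for an LDAP password change.
# OpenLDAP honours the RFC 3062 Password Modify extended operation that
# ldappasswd sends; Active Directory does not know that OID and instead
# expects a modify-replace of the unicodePwd attribute over TLS.

PASSWD_MODIFY_OID = "1.3.6.1.4.1.4203.1.11.1"  # requestName ldappasswd sends (RFC 3062)


def ber_len(n: int) -> bytes:
    """BER length: short form for n < 128, long form (0x8N + N big-endian bytes) otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def ber_tlv(tag: int, value: bytes) -> bytes:
    """One tag-length-value element."""
    return bytes([tag]) + ber_len(len(value)) + value


def passwd_modify_request_value(user_dn=None, old_pw=None, new_pw=None) -> bytes:
    """PasswdModifyRequestValue ::= SEQUENCE {
         userIdentity [0] OCTET STRING OPTIONAL,
         oldPasswd    [1] OCTET STRING OPTIONAL,
         newPasswd    [2] OCTET STRING OPTIONAL }
    LDAP uses implicit context tags, so the three fields are 0x80 / 0x81 / 0x82.
    `ldappasswd -s NEW "DN"` with a RootDN bind sends userIdentity and newPasswd only."""
    fields = ((0x80, user_dn), (0x81, old_pw), (0x82, new_pw))
    body = b"".join(ber_tlv(tag, v.encode("utf-8")) for tag, v in fields if v is not None)
    return ber_tlv(0x30, body)  # 0x30 = SEQUENCE


def ad_unicode_pwd(new_pw: str) -> bytes:
    """AD's unicodePwd value: the password wrapped in double quotes, encoded UTF-16LE."""
    return f'"{new_pw}"'.encode("utf-16-le")


def ad_password_reset_changes(new_pw: str) -> dict:
    """Admin reset on AD: modify-replace unicodePwd (no old password needed).
    Shaped like the `changes` argument of ldap3's Connection.modify (assumption:
    that is the client library you would use); AD only accepts it over LDAPS/StartTLS."""
    return {"unicodePwd": [("MODIFY_REPLACE", [ad_unicode_pwd(new_pw)])]}
```

Both helpers only build bytes; AD refuses the unicodePwd change over a plain ldap:// connection, and the `-w`/`-s` values on the ldappasswd command line are visible in the process list, so prefer the `-W`/`-S` prompts.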