Re: password changing problems

[Buchan Milne <bgmilne@staff.telkomsa.net>]

On Monday 21 July 2008 21:08:57 Ron Echeverri wrote:
> >I've set up OpenLDAP 2.4.10 and have been using phpldapadmin for user
> >management.  The machines in our QA environment are set up to allow
>
> LDAP
>
> >users to log in, and they are also able to change their password via
>
> the
>
> >passwd command.  However, they are only able to do this once; if they
> >attempt it again, it bounces back with "LDAP Password incorrect: try
> >again".  They are able to log out and in regardless, but passwd will
>
> not
>
> >accept their password in order to change it.  If the user's password is
> >reset in phpldapadmin, again they are able to change the password once,
> >and no more.
>
> I'd like to thank Kim Nguyen for giving me the solution to my problem:
> reconfiguring OpenLDAP with --enable-crypt (which, inexplicably, is off
> by default).  Once i recompiled slapd, i was able to change passwords as
> often as i liked.

Maybe you should rather use 

pam_password exop

in /etc/ldap.conf, and ensure that you are using pam_ldap for authentication, 
and not nss_ldap->pam_unix which limits you to the insufficiently encrypted 
crypt hash.

Regards,
Buchan