
Chaining problem



I have a master-slave configuration, sync'ed with syncrepl.  Most of my LDAP clients connect directly to the slave servers.  Some of my clients can handle referrals, but others cannot.  For this reason, I use the 'chain' overlay.

The configuration works fine when I have 'pam_password clear' in my clients' ldap.conf.  But with 'pam_password md5', the clients are not sending the control messaging for ppolicy.  This seems to be a pam_ldap issue, but I cannot seem to track it down and correct it.  

It has been suggested that I use the 'pam_password exop' option on the clients as a work-around for the pam_ldap issue.  Doing this, I get hashed passwords, as well as correct ppolicy control messaging, and everything works fine doing this in my other (lab) scenario where I am not required to use chaining.  BUT, in my chaining config, when the user makes a password change, instead of the user's password being changed, the chain's bind password is changed. NOTE: I do not employ SASL.

Is this configuration supported?  Anyone know why the chain's bind password would be getting changed, instead of the user's?

Thanks,
Joe
 		 	   		  