Re: How To set things up to allow users to change their passwords

[Buchan Milne <bgmilne@staff.telkomsa.net>]

On Sunday, 6 December 2009 15:49:58 Robert Heller wrote:
> At Sun, 6 Dec 2009 02:13:28 +0100 Serge Fonville <serge.fonville@gmail.com> 
wrote:
> > On Fri, Dec 4, 2009 at 5:55 PM, Robert Heller <heller@deepsoft.com> wrote:
> > > I have Openldap set up on a CentOS 5 system (using the stock 2.3.43
> > > RPMS) and I want to allow users to change their passwords, but I am
> > > confused by the documentation (it has both too much and not enough
> > > information -- there don't appear to be simple HowTos for common
> > > setups).
> >
> > Have you tried ldappasswd?
> 
> ldappasswd's man pages say:
> 
>        ldappasswd  is  neither  designed nor intended to be a replacement
>  for passwd(1) and should not be installed as such.

I am not sure what this is implying. It may be that it is implying it should 
not be installed in place of a typical passwd program (e.g. over /bin/passwd). 
However, ldappasswd can be used by users to change their own passwords, and is 
definitely useful for testing whether password changing works (to rule out 
application configuration issues).

> Are the man pages wrong?

Regarding what?

> > Or alternatively passwd -r ldap?

I think this is Solaris-specific.

> The version of passwd available under CentOS 5 (0.73) does not have a -r
> option.

Your PAM configuration should have been updated (if you used authconfig or 
similar) to change passwords via LDAP, so 'passwd' as an LDAP user should 
work.

Regards,
Buchan