[Date Prev][Date Next] [Chronological] [Thread] [Top]

Change User Password (passwd vs. ldappasswd)

To: openldap-technical@openldap.org
Subject: Change User Password (passwd vs. ldappasswd)
From: weigao88@gmail.com
Date: Mon, 02 Aug 2010 20:34:41 +0000

Hi,

I have set up and configured openldap 2.3 servers (master-slave) that comes with CentOS 5.4. I use openldap to centralize Linux/Unix user account management. Everything works as expected. However, I am confused about changing user password. Without LDAP, we use file-based authentication (/etc/passwd and /etc/shadow), so users can change their password via "passwd" command. Now I have migrated all my users to LDAP with default password policy, users can still use passwd command to change the password, but LDAP password policy is not enforced, for example, my ldap password policy has a minimum password length requirement of 12, and I am able to change user password to something less than 12 characters. However, if users use "ldappasswd -x -vv -S -W -D uid=user1,ou=People,dc=IT,dc=Company" to change their password, the LDAP password policy will be enforced, i.e. they will not allow to change to a password less than 12 characters.

Are the users supposed to use passwd OR ldappasswd command to change their password? It's very inconvenient for users to use ldappassword command to change password as you can see they have to do much more typing, and some novice users are not even aware of ldappasswd command. I am confused here. Any help would be greatly appreciated.

Thanks
Wei

Follow-Ups:
- Re: Change User Password (passwd vs. ldappasswd)
  - From: Buchan Milne <bgmilne@staff.telkomsa.net>

Prev by Date: Re: ldap_start_tls: Connect error (-11)
Next by Date: Re: ldapadd Naming Violation error 64
Index(es):
- Chronological
- Thread