[Date Prev][Date Next] [Chronological] [Thread] [Top]

ldap works but passwd does not

To: openldap-software@OpenLDAP.org
Subject: ldap works but passwd does not
From: Sebastian von Swiontek <svs@talicom.de>
Date: Sat, 15 Sep 2001 17:49:53 +0200
Organization: talicom GmbH

Hi list,

perhaps it is a request for the pam_ldap or nss_ldap lists, but I don't know how
to subscribe to them.

So here is my problem:
My LDAP Directory Server runs and I've created a Directory and added a
posixUser. It is possible to see it by "getent passwd" and it works to login and
authorize. But if this user wants to change his password, passwd says the
following:

<--snip-->
svs@cdnew:~> passwd
LDAP Password incorrect
passwd: User not known to the underlying authentication module
<--snip-->
Errorlevel 10

So where is the problem? Only the root user can change the password for this
user. Following messages appear while running "passwd" in syslog:

<--snip-->
Sep 15 17:36:26 cdnew slapd[30950]: conn=16 op=4 SRCH 
	base="ou=Mitarbeiter,dc=talicom,dc=de" scope=2
	filter="(&(objectClass=posixAccount)(uid=svs))"
Sep 15 17:36:26 cdnew slapd[30950]: conn=16 op=4 SEARCH RESULT tag=101
	err=0 text=
Sep 15 17:36:26 cdnew slapd[30947]: daemon: conn=66 fd=16 connection from
	IP=127.0.0.1:36303 (IP=:: 34049) accepted.
Sep 15 17:36:26 cdnew slapd[30949]: conn=66 op=0 BIND
	dn="CN=MANAGER,DC=TALICOM,DC=DE" method=128
Sep 15 17:36:26 cdnew slapd[30949]: conn=66 op=0 RESULT tag=97 err=0 text=
Sep 15 17:36:26 cdnew slapd[30950]: conn=66 op=1 SRCH base="dc=talicom,dc=de"
	scope=2 filter="(&(objectClass=posixAccount)(uid=svs))"
Sep 15 17:36:26 cdnew slapd[30950]: conn=66 op=1 SEARCH RESULT tag=101 err=0
	text=
Sep 15 17:36:26 cdnew slapd[30949]: conn=66 op=2 BIND
	dn="CN=MANAGER,DC=TALICOM,DC=DE" method=128
Sep 15 17:36:26 cdnew slapd[30949]: conn=66 op=2 RESULT tag=97 err=0 text=
Sep 15 17:36:26 cdnew slapd[30950]: conn=66 op=3 UNBIND
Sep 15 17:36:26 cdnew slapd[30950]: conn=-1 fd=16 closed
<--snip-->


My /etc/pam.d/passwd (its SuSE 7.2)
<--snip-->
auth     sufficient     /lib/security/pam_ldap.so
auth     required       /lib/security/pam_unix.so       nullok try_first_pass
debug
account  sufficient     /lib/security/pam_ldap.so
account  required       /lib/security/pam_unix.so
password required       /lib/security/pam_pwcheck.so    nullok
password sufficient     /lib/security/pam_ldap.so      use_first_pass
use_authtok
password required       /lib/security/pam_unix.so       nullok use_first_pass
use_authtok
session  required       /lib/security/pam_unix.so
<--snip-->

Please help me soon or give me some links, which can help.

Thanks in advance,
Sebastian



-- 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Mit freundlichen Gruessen / Kind regards

Sebastian von Swiontek

e-mail  : svs@talicom.de

talicom GmbH                    Tel.   : +49 511 123599-16
Calenberger Esplanade 3         Fax.   : +49 511 123599-11
D-30169 Hannover                Mobile : +49 172 5185548
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Prev by Date: RE: tcl link with 2.0.11
Next by Date: Re: NFS and LDAP auth
Index(es):
- Chronological
- Thread