
OpenLDAP authentication and password change.


I have seen a lot of discussion about OpenLDAP and authentication. I have
tried to read and understand them, but I still have some unsolved problems. I
hope someone who is more familiar with this could help me.

The problem is:

I have an OpenLDAP 2.0.11 server on the RedHat 7.0 platform. I use nss
for user authentication. Authentication works fine, but password change
doesn't. The following error occurs when I try to change a password:

$ passwd
Enter login(LDAP) password:
New password:
Re-enter new password:
LDAP password information update failed: Insufficient access

In the file slapd.conf I have the following ACL definition:

defaultaccess read
access to attr=userPassword
  by self write
  by anonymous auth
  by * none

/etc/pam.d/passwd contains:

$ cat /etc/pam.d/passwd
auth       sufficient   /lib/security/pam_ldap.so
auth       required     /lib/security/pam_pwdb.so shadow try_first_pass
auth       required     /lib/security/pam_nologin.so
account    sufficient   /lib/security/pam_ldap.so
account    required     /lib/security/pam_pwdb.so
password   sufficient   /lib/security/pam_ldap.so
password   required     /lib/security/pam_cracklib.so
password   required     /lib/security/pam_pwdb.so shadow nullok use_authtok
session    sufficient   /lib/security/pam_ldap.so
session    required     /lib/security/pam_pwdb.so

/etc/nsswitch.conf contains:

passwd:     files ldap
shadow:     files ldap
group:      files ldap

The /etc/ldap.conf file has the following configuration:

$ cat /etc/ldap.conf
base dc=star,dc=fi
port 389
pam_crypt local
pam_filter objectclass=posixAccount
pam_member_attribute memberuid
pam_login_attribute uid

In the LDAP directory I have the following kind of entry for each user:

# u1, people, dc=star, dc=fi
dn: cn=u1, ou=people, dc=star, dc=fi
cn: u1
sn: Test
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
uid: u1
userPassword:: e1NTSEFdVVI3Ync5WWprNWhfNXhNcEk4SCt6sU9UaC8raFlzZlA=
uidNumber: 511
gidNumber: 700
gecos: Test u1
loginShell: /bin/bash
homeDirectory: /home/u1
shadowLastChange: 10877
shadowMin: 0
shadowMax: 999999
shadowWarning: 7
shadowInactive: -1
shadowExpire: -1
shadowFlag: 0

I really don't find out what's going wrong. I would be very thankful if
someone could guide me.

	Marko Kuivalainen
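Added example (not part of the post above): a small Python model of how slapd evaluates the "access to attr=userPassword" clause from the slapd.conf shown, using first-match order over the "by" clauses and the cumulative access levels none < auth < compare < search < read < write. It uses the entry DN from the post; the helper names and the "cn=other,..." bind DN are constructed for illustration.

```python
# Model of slapd ACL evaluation for the userPassword clause in the post.
# The "by" clauses are tried in order and the first one whose identity
# matches the bound DN decides the access level.  "self" matches only
# when the bind DN is the DN of the entry being modified, so a password
# modify submitted anonymously or under any other DN never gets "write".
# Helper names below are ours, not part of OpenLDAP or pam_ldap.

LEVELS = ["none", "auth", "compare", "search", "read", "write"]

def normalize_dn(dn):
    """Compare DNs case-insensitively, ignoring spaces after commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def who_matches(who, bind_dn, entry_dn):
    """Does a single 'by <who>' clause match the bound identity?"""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if who == "self":
        return bind_dn is not None and normalize_dn(bind_dn) == normalize_dn(entry_dn)
    raise ValueError("unsupported who clause: " + who)

def granted_level(acl, bind_dn, entry_dn):
    """Access level granted by the first matching 'by' clause."""
    for who, level in acl:
        if who_matches(who, bind_dn, entry_dn):
            return level
    return "none"  # no 'by' clause matched: slapd denies access

def allows(acl, bind_dn, entry_dn, needed):
    """True if the granted level is at least the level the operation needs."""
    return LEVELS.index(granted_level(acl, bind_dn, entry_dn)) >= LEVELS.index(needed)

# The ACL from the post: by self write / by anonymous auth / by * none
USERPASSWORD_ACL = [("self", "write"), ("anonymous", "auth"), ("*", "none")]
ENTRY_DN = "cn=u1, ou=people, dc=star, dc=fi"   # DN of user u1 in the post

if __name__ == "__main__":
    # A password change is a modify of userPassword, so it needs "write".
    for bind_dn in (ENTRY_DN, None, "cn=other,ou=people,dc=star,dc=fi"):
        level = granted_level(USERPASSWORD_ACL, bind_dn, ENTRY_DN)
        ok = allows(USERPASSWORD_ACL, bind_dn, ENTRY_DN, "write")
        print("bind as %r -> %s, password change %s"
              % (bind_dn, level, "allowed" if ok else "Insufficient access"))
```

Running it shows that only a bind as the entry's own DN reaches "write"; an anonymous bind is limited to "auth" (enough to log in, not to change the password), which is one way to read the "Insufficient access" result.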