[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Issues when changing LDAP password

Am 09.03.2009 15:00, Gustavo Mendes de Carvalho schrieb:
Hi there,

I'm running an LDAP server version 2.3.39 and I'm using ppolicy to force users in some specific things, but I'm having some issue when I try to change my user's password with passwd command.

Here's the output screen

[user1@cliserv ~]$ ssh ldapclisrv
user1@ldapclisrv's password:
Your LDAP password will expire in 10 days.

WOW! How did u do that ? my debian doesnt warn my users like that. What Distribution are u using here? Or is this some custom made login script ?

Last login: Wed Mar  4 17:42:18 2009 from cliserv
[user1@ldapclisrv ~]$
[user1@ldapclisrv ~]$
[user1@ldapclisrv ~]$ passwd
Changing password for user user1.
Enter login(LDAP) password:
New UNIX password:
Retype new UNIX password:
LDAP password information update failed: Can't contact LDAP server
Must supply old password to be changed as well as new one
passwd: Permission denied
[user1@ldapclisrv ~]$

As you can see, I can login using LDAP ID, and I can change user1 password if I use ldappasswd, entering all ldap information, but I would like to make it simpler.
the PAM Stacks at /etc/pam.d/common-* are very important. a misconfiguration there can lead to such situations. if happends on password change only and if ldap account is still "valid" it may be the /etc/pam.d/common-password file.

please post all your common-* PAM files here including your /etc/pam.d/passwd if available.