[Date Prev][Date Next]
Re: Issues when changing LDAP password
Am 09.03.2009 15:00, Gustavo Mendes de Carvalho schrieb:
I'm running an LDAP server version 2.3.39 and I'm using ppolicy to
force users in some specific things, but I'm having some issue when I
try to change my user's password with passwd command.
Here's the output screen
[user1@cliserv ~]$ ssh ldapclisrv
Your LDAP password will expire in 10 days.
WOW! How did u do that ? my debian doesnt warn my users like that. What
Distribution are u using here? Or is this some custom made login script ?
the PAM Stacks at /etc/pam.d/common-* are very important. a
misconfiguration there can lead to such situations. if happends on
password change only and if ldap account is still "valid" it may be the
Last login: Wed Mar 4 17:42:18 2009 from cliserv
[user1@ldapclisrv ~]$ passwd
Changing password for user user1.
Enter login(LDAP) password:
New UNIX password:
Retype new UNIX password:
LDAP password information update failed: Can't contact LDAP server
Must supply old password to be changed as well as new one
passwd: Permission denied
As you can see, I can login using LDAP ID, and I can change user1
password if I use ldappasswd, entering all ldap information, but I
would like to make it simpler.
please post all your common-* PAM files here including your
/etc/pam.d/passwd if available.