root cannot change user password with command "passwd", sssd, pam, openldap
- To: email@example.com
- Subject: root cannot change user password with command "passwd", sssd, pam, openldap
- From: Augustin Wolf <firstname.lastname@example.org>
- Date: Sat, 20 Jul 2013 14:59:03 +0200
I'm using CentOS 6.4, and moved user management to OpenLDAP. While
it works fine for a user - the user can log in, do `passwd` to change his
password, etc. - it fails for root to change users' passwords. Root
has to use ldapmodify. Is it normal behavior, or do I have some
configuration errors?
For now, LDAP ACL was "turned off" - every user has manage permission.
I know it's a security issue, but I wanted to remove potential
interference. I will change this as soon as root can change users
SELinux was also turned off to eliminate its potential interference.
Iptables was "turned off" as well, though I think it doesn't matter
as long as port 389 is open.
My configs, logs, etc are in here: http://fpaste.org/26708/
Thanks in advance,