[Date Prev][Date Next] [Chronological] [Thread] [Top]

Password Issues between provider and consumer

Everything is setup on RHEL 6.4 with Openldap 2.4.

I have one provider and one consumer. StartTLS has been enabled and everything is working as intended. My only problem arises here -
When a user is setup with a password and he tries to change his password on a consumer pointing client,  I get a passwd: Authentication token manipulation error. This message is misleading since the password is in fact changed on the provider ( I have the olcUpdateRef directive setup). This creates a situation where the user can login to consumer pointed boxes with his old password and provider pointed boxes with his new password. If the user tries to change his password for the second time on consumer pointed boxes, I get  Password change failed. Server message: unwilling to verify old password passwd: Authentication token manipulation error which understandably is because the password in the actual LDAP db is different from what is being supplied and being accepted by the client. What is going on here? Why isn’t the password not getting updated properly in the consumer?

Here are some of the relevant snippets of configs -
For Syncrepl in olcDatabase={2}bdb.ldif on consumer

###For Replication

olcSyncrepl: rid=100



  retry="60 30 300 +"









olcUpdateRef: ldap://server.com

ACL on provider -

lcAccess: to attrs=userPassword

       by self write

       by dn.base="cn=Manager,dc=ex,dc=example,dc=com" write

       by anonymous auth

       by * none

olcAccess: to *

       by self write

       by dn.base="cn=Manager,dc=ex,dc=example,dc=com" write

       by users read

olcAccess: to attrs=entry

       by dn.base="cn=Manager,dc=ex,dc=example,dc=com" write

       by * read

Let me know if any more configs are needed and I will post them. Any help is appreciated.

Siddharth Choure
Senior Systems Engineer