<br><div class="gmail_quote">On Wed, Jun 23, 2010 at 11:05 AM, Allgood, John <span dir="ltr"><<a href="mailto:jallgood@ohl.com">jallgood@ohl.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div lang="EN-US" link="blue" vlink="purple">
<div>
<p class="MsoNormal">Hey Guys</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Anyone here using ldap? I have built openldap 2.4.21 on
CentOS 5.5 and have set up ppolicy and smbk5. </p></div></div></blockquote><div><br></div><div>openldap 2.3.27-8.el5_1.3 over RHEL 5.2 with no ppolicy or smbk5</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal">Everything works fine when using
ldappasswd to set the password. When I force a pwdReset the system forces me to
use the passwd program which does not update everything in ldap correctly nor
adhere to my ppolicy. </p></div></div></blockquote><div><br></div><div>Did you load the POSIX schemas?</div><div>Does your slapd credentials stuff look sorta like this:</div><div><br></div><div><div>##################################</div>
<div>#</div><div># Grant access to Change Password</div><div>#</div><div>##################################</div><div><br></div><div>access to attrs=userPassword</div><div> by self write</div><div> by anonymous auth</div>
<div> by dn.base="cn=admin,dc=your,dc=domain" write</div><div> by * none</div><div><br></div><div>access to *</div><div> by self write</div><div> by dn.base="cn=admin,dc=your,dc=domain" write</div>
<div> by * read</div></div><div><br></div><div> </div><div>Have you tried using something like Apache's Directory Studio to do password changes instead? Most of my management gets done through there.</div><div><br>
</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal">I assume it is something in /etc/pam.d/system-auth but
not much familiar with pam. I thought about creating a script and linking the
passwd program to that script but not sure how that would behave when forced to
change the password via GDM.</p>
<p class="MsoNormal"><br></p></div></div></blockquote><div> The only thing I use in system-auth is </div><div><br></div><div>session required pam_mkhomedir.so</div><div><br></div><div>to automagically create user directories on first login. Everything else is DIST.</div>
<div><br></div><div>Sorry if the issues are being introduced through the ppolicy or smbk5, as I have no help for you there.</div><div><br></div><div><br></div><div>--jms</div></div>