[ale] LDAP Experts
Jerald Sheets
questy at gmail.com
Wed Jun 23 11:26:59 EDT 2010
On Wed, Jun 23, 2010 at 11:05 AM, Allgood, John <jallgood at ohl.com> wrote:
> Hey Guys
>
>
>
> Anyone here using ldap? I have built openldap 2.4.21 on Centos 5.5 and have
> setup ppolicy and smbk5.
>
openldap 2.3.27-8.el5_1.3 over RHEL 5.2 with no ppolicy or smbk5
> Everything works fine when using ldappasswd to set the password. When I
> force a pwdReset the system forces me to use the passwd program which does
> not update everything in ldap correctly nor adhere to my ppolicy.
>
Did you load the POSIX schemas?
Does your slapd credentials stuff look sorta like this:
##################################
#
# Grant access to Change Password
#
##################################
# The "by" clauses are continuation lines and must start with whitespace.
access to attrs=userPassword
        by self write
        by anonymous auth
        by dn.base="cn=admin,dc=your,dc=domain" write
        by * none
# Everything else: owner and admin may write, everyone else may read.
access to *
        by self write
        by dn.base="cn=admin,dc=your,dc=domain" write
        by * read
Have you tried using something like Apache's Directory Studio to do password
changes instead? Most of my management gets done through there.
> I assume it is something in /etc/pam.d/system-auth but not much familiar
> with pam. I thought about creating a script and linking the passwd program
> to that script but not sure how that would behave when forced to change the
> password via GDM.
>
>
The only thing I use in system-auth is

    session required pam_mkhomedir.so

to automagically create user directories on first login. Everything else is
DIST.
Sorry if the issues are being introduced through the ppolicy or smbk5, as I
have no help for you there.
--jms