[ale] LDAP Experts

Jerald Sheets questy at gmail.com
Wed Jun 23 11:26:59 EDT 2010


On Wed, Jun 23, 2010 at 11:05 AM, Allgood, John <jallgood at ohl.com> wrote:

> Hey Guys
>
> Anyone here using ldap? I have built openldap 2.4.21 on CentOS 5.5 and have
> set up ppolicy and smbk5.
>

openldap 2.3.27-8.el5_1.3 over RHEL 5.2 with no ppolicy or smbk5


> Everything works fine when using ldappasswd to set the password. When I
> force a pwdReset the system forces me to use the passwd program which does
> not update everything in ldap correctly nor adhere to my ppolicy.
>

Did you load the POSIX schemas?
Does your slapd credentials stuff look sorta like this:

##################################
#
# Grant access to Change Password
#
##################################

access to attrs=userPassword
   by self write
   by anonymous auth
   by dn.base="cn=admin,dc=your,dc=domain" write
   by * none

access to *
   by self write
   by dn.base="cn=admin,dc=your,dc=domain" write
   by * read


Have you tried using something like Apache's Directory Studio to do password
changes instead?  Most of my management gets done through there.

> I assume it is something in /etc/pam.d/system-auth but not much familiar
> with pam. I thought about creating a script and linking the passwd program
> to that script but not sure how that would behave when forced to change the
> password via GDM.
>

The only thing I use in system-auth is

session     required     pam_mkhomedir.so

to automagically create user directories on first login.  Everything else is
DIST.

Sorry if the issues are being introduced through the ppolicy or smbk5, as I
have no help for you there.


--jms
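
Added example, not part of the original message and not OpenLDAP code: slapd uses the first `access to` rule that matches and, within it, the first matching `by` clause, so the two rules in the reply above protect userPassword only in the order shown. The Python check below models that evaluation in simplified form (DN scoping and privilege syntax such as `=w` are ignored; the function names and the REQUESTERS table are assumptions made for illustration) and reports who could read userPassword.

```python
import re

LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write"]
# Which "by <who>" tokens each kind of requester satisfies (simplified model).
REQUESTERS = {
    "anonymous": {"anonymous", "*"},
    "other_user": {"users", "*"},
    "self": {"self", "users", "*"},
}
# Constructed sample: the two rules from the post, as separate strings.
PASSWORD_RULE = '''access to attrs=userPassword
   by self write
   by anonymous auth
   by dn.base="cn=admin,dc=your,dc=domain" write
   by * none
'''
CATCH_ALL = '''access to *
   by self write
   by dn.base="cn=admin,dc=your,dc=domain" write
   by * read
'''

def parse_acls(text):
    """Return [(what, [(who, level), ...]), ...] in file order."""
    body = " ".join(line.split("#", 1)[0] for line in text.splitlines())
    acls = []
    for chunk in re.split(r"\baccess\s+to\s+", body)[1:]:
        what = re.split(r"\s+by\s+", chunk, maxsplit=1)[0].strip()
        acls.append((what, re.findall(r"\bby\s+(\S+)\s+(\w+)", chunk)))
    return acls

def covers(what, attr):
    """True if an 'access to <what>' target applies to attr (DN scoping ignored)."""
    if what == "*":
        return True
    m = re.search(r"attrs?=(\S+)", what)
    return bool(m) and attr.lower() in m.group(1).lower().split(",")

def effective(acls, attr, requester):
    """First matching 'access to' wins, then the first matching 'by' clause."""
    for what, clauses in acls:
        if covers(what, attr):
            for who, level in clauses:
                if who in REQUESTERS[requester]:
                    return level
            break  # rule matched but no clause did
    return "none"  # implicit trailing "by * none"

def password_exposure(text):
    """Requesters other than self whose access to userPassword exceeds auth."""
    acls = parse_acls(text)
    got = {r: effective(acls, "userPassword", r) for r in ("anonymous", "other_user")}
    return {r: lvl for r, lvl in got.items() if LEVELS.index(lvl) > LEVELS.index("auth")}
```

With the rules in the posted order the result is empty; with `access to *` placed first, both anonymous and other authenticated users come back with `read` on userPassword.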