[ale] LDAP Experts
Allgood, John
jallgood at ohl.com
Thu Jun 24 09:00:09 EDT 2010
Yeah, the posix schemas are loaded and I have my ACLs working. I changed my /etc/ldap.conf and set pam_password to exop. Everything works fine with changing the password using passwd, but now password history and check_password, which was borrowed from the ltb-project, are not working. I think it has something to do with the format the passwords are stored in. Thanks for the input.
John Allgood
Senior Systems Administrator
OHL Transportation Services
2251 Jesse Jewell Pky. NE
Gainesville, GA 30507
tel: (678) 989-3051 fax: (770) 531-7878
jallgood at ohl.com
www.ohl.com
From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of Jerald Sheets
Sent: Wednesday, June 23, 2010 11:27 AM
To: Atlanta Linux Enthusiasts - Yes! We run Linux!
Subject: Re: [ale] LDAP Experts
On Wed, Jun 23, 2010 at 11:05 AM, Allgood, John <jallgood at ohl.com> wrote:
Hey Guys
Anyone here using ldap? I have built openldap 2.4.21 on CentOS 5.5 and have set up ppolicy and smbk5.
openldap 2.3.27-8.el5_1.3 over RHEL 5.2 with no ppolicy or smbk5
Everything works fine when using ldappasswd to set the password. When I force a pwdReset the system forces me to use the passwd program which does not update everything in ldap correctly nor adhere to my ppolicy.
Did you load the POSIX schemas?
Does your slapd credentials stuff look sorta like this:
##################################
#
# Grant access to Change Password
#
##################################
access to attrs=userPassword
        by self write
        by anonymous auth
        by dn.base="cn=admin,dc=your,dc=domain" write
        by * none
access to *
        by self write
        by dn.base="cn=admin,dc=your,dc=domain" write
        by * read
Have you tried using something like Apache's Directory Studio to do password changes instead? Most of my management gets done through there.
I assume it is something in /etc/pam.d/system-auth but not much familiar with pam. I thought about creating a script and linking the passwd program to that script but not sure how that would behave when forced to change the password via GDM.
The only thing I use in system-auth is
session required pam_mkhomedir.so
to automagically create user directories on first login. Everything else is DIST.
Sorry if the issues are being introduced through the ppolicy or smbk5, as I have no help for you there.
--jms
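
Added example, not part of the original thread or anyone's production config: a small lint for slapd.conf-style "access to" stanzas of the shape quoted above. It flags a catch-all rule placed ahead of the userPassword rule (slapd applies the first "access to" whose target matches) and any DN with an empty RDN. The sample config, the finding codes and the function names are constructed for illustration.

```python
import re

# Constructed sample: the ACL shape from the thread with two deliberate defects
# (rules in the wrong order, and a doubled comma in the admin DN).
SAMPLE = '''\
access to *
    by self write
    by dn.base="cn=admin,dc=your,dc=domain" write
    by * read
access to attrs=userPassword
    by self write
    by anonymous auth
    by dn.base="cn=admin,,dc=your,dc=domain" write
    by * none
'''

def parse_acls(text):
    """Return [(what, [(who, level), ...]), ...] in file order.
    Assumes one 'access to' or 'by' clause per line, as in the thread."""
    acls = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("access to "):
            acls.append((line[len("access to "):].strip(), []))
        elif line.startswith("by ") and acls:
            who, _, level = line[3:].strip().rpartition(" ")
            acls[-1][1].append((who.strip(), level))
    return acls

def lint(text):
    """Return a list of (code, detail) findings for the parsed ACLs."""
    acls, findings = parse_acls(text), []
    is_pw = lambda what: re.search(r"attrs=\S*\buserPassword\b", what, re.I)
    pw_at = next((i for i, (what, _) in enumerate(acls) if is_pw(what)), None)
    if pw_at is None:
        findings.append(("no-userPassword-rule", "hashes fall under the general rule"))
    for i, (what, clauses) in enumerate(acls):
        # slapd applies the first 'access to' whose target matches, so a
        # catch-all placed earlier decides access to userPassword as well.
        if what == "*" and pw_at is not None and i < pw_at:
            grants = [f"{w}={lvl}" for w, lvl in clauses]
            findings.append(("shadowed-userPassword", ", ".join(grants)))
        for who, _ in clauses:
            m = re.search(r'dn(?:\.\w+)?="([^"]*)"', who)
            # An empty RDN (",,") is not a valid DN.
            if m and any(not r.strip() for r in re.split(r"(?<!\\),", m.group(1))):
                findings.append(("empty-rdn", m.group(1)))
    return findings

if __name__ == "__main__":
    for code, detail in lint(SAMPLE):
        print(f"{code}: {detail}")
```

With the userPassword stanza first and the DN corrected, lint() returns an empty list.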