Openldap authentication and password change.
Hi,
I have seen a lot of discussion about openldap and authentication. I have
tried to read and understand them but I still have some unsolved problems. I
hope someone who is more familiar with this could help me.
The problem is:
I have an OpenLDAP 2.0.11 server on the RedHat 7.0 platform. I use nss
for user authentication. Authentication works fine but password change
doesn't. The following error occurs when I try to change the password:
$ passwd
Enter login(LDAP) password:
New password:
Re-enter new password:
LDAP password information update failed: Insufficient access
In the file slapd.conf I have the following ACL definition:
defaultaccess read
access to attr=userPassword
        by self write
        by anonymous auth
        by * none
/etc/pam.d/passwd contains:
$ cat /etc/pam.d/passwd
auth sufficient /lib/security/pam_ldap.so
auth required /lib/security/pam_pwdb.so shadow try_first_pass
auth required /lib/security/pam_nologin.so
account sufficient /lib/security/pam_ldap.so
account required /lib/security/pam_pwdb.so
password sufficient /lib/security/pam_ldap.so
password required /lib/security/pam_cracklib.so
password required /lib/security/pam_pwdb.so shadow nullok use_authtok
session sufficient /lib/security/pam_ldap.so
session required /lib/security/pam_pwdb.so
/etc/nsswitch.conf contains:
passwd: files ldap
shadow: files ldap
group: files ldap
The /etc/ldap.conf file has the following configuration:
$ cat /etc/ldap.conf
host 192.168.100.2
base dc=star,dc=fi
port 389
pam_crypt local
pam_filter objectclass=posixAccount
pam_member_attribute memberuid
pam_login_attribute uid
In the LDAP directory I have the following kind of entry for each user:
# u1, people, dc=star, dc=fi
dn: cn=u1, ou=people, dc=star, dc=fi
cn: u1
sn: Test
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
uid: u1
userPassword:: e1NTSEFdVVI3Ync5WWprNWhfNXhNcEk4SCt6sU9UaC8raFlzZlA=
uidNumber: 511
gidNumber: 700
gecos: Test u1
loginShell: /bin/bash
homeDirectory: /home/u1
shadowLastChange: 10877
shadowMin: 0
shadowMax: 999999
shadowWarning: 7
shadowInactive: -1
shadowExpire: -1
shadowFlag: 0
I really can't find out what's going wrong. I would be very thankful if
someone could guide me.
Regards,
Marko Kuivalainen
guigi@pcuf.fi