I have been working with LDAP in a Linux environment with one LDAP server/client machine and two LDAP client machines.
I have a user defined only in the LDAP database and can authenticate from all three client environments. Also, su and getent passwd work correctly, as does id while I'm logged on as the user.
What I can't do is change the user's password (either as root or as the user).
I've tried two things, both individually and together:
1) Add the following entry to the client ldap.conf file:
pam_password exop
2) Add the following entry to the server slapd.conf:
# Restrict userPassword to be for authentication only, but allow users to modify
# their own passwords.
access to attrs=userPassword
by self write
by * auth
Neither change helps. The second change is actually disruptive and I can no longer login or su to the LDAP account while in that mode.
I must be missing something really basic but can't figure out what.
Confused in Anaheim....
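As an added example, not part of the original post, here is a complete slapd.conf ACL block that keeps the userPassword rule quoted above but also covers the rest of the directory. OpenLDAP evaluates access directives in order, and once any access directive is present the list ends with an implicit "access to * by * none" (see slapd.access(5) and the Admin Guide's access-control chapter), so a configuration whose only ACL is the userPassword one leaves uid, uidNumber, homeDirectory and friends unreadable to nss_ldap. The suffix, DN and attribute set below are assumptions for illustration.

```conf
# Example slapd.conf ACL section (added example; assumes suffix
# dc=example,dc=com and clients that bind anonymously or as the user).
# Directives are matched in order; the first "access to" whose target
# matches is used, and within it the first matching "by" clause wins.

# 1. userPassword: the user may change their own; everyone else may only
#    present it in a bind. "*" includes anonymous, so simple binds from
#    pam_ldap still work. The attribute is never readable by anyone.
access to attrs=userPassword
        by self write
        by anonymous auth
        by * auth

# 2. shadowLastChange: pam_ldap tries to update this after a successful
#    password change when the entry is a shadowAccount, so grant the user
#    write access here as well, or the change can be rejected half-way.
access to attrs=shadowLastChange
        by self write
        by * read

# 3. Everything else (uid, uidNumber, gidNumber, homeDirectory, loginShell,
#    memberUid, ...) must stay readable, or getent/su/id stop resolving the
#    account. Without this catch-all the implicit trailing
#    "access to * by * none" denies it, which is what a login failure
#    immediately after adding a single userPassword ACL looks like.
access to *
        by * read
```

To separate the server-side ACL from the PAM side, exercise the extended operation directly from a client, bound as the user rather than as root: `ldappasswd -x -H ldap://server -D "uid=jdoe,ou=People,dc=example,dc=com" -W -S` sends the RFC 3062 Password Modify exop that `pam_password exop` relies on. If that succeeds but passwd still fails, the ACL is fine and the problem is in the pam_ldap/nss_ldap configuration. Note also that "by self write" only applies when the bind DN is the user's own entry; a root-initiated passwd on a client binds as whatever rootbinddn is set in ldap.conf (password in /etc/ldap.secret), and that DN needs write access of its own, for example by being the server's rootdn.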