[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: password changing problems
On Monday 21 July 2008 21:08:57 Ron Echeverri wrote:
> >I've set up OpenLDAP 2.4.10 and have been using phpldapadmin for user
> >management. The machines in our QA environment are set up to allow
>
> LDAP
>
> >users to log in, and they are also able to change their password via
>
> the
>
> >passwd command. However, they are only able to do this once; if they
> >attempt it again, it bounces back with "LDAP Password incorrect: try
> >again". They are able to log out and in regardless, but passwd will
>
> not
>
> >accept their password in order to change it. If the user's password is
> >reset in phpldapadmin, again they are able to change the password once,
> >and no more.
>
> I'd like to thank Kim Nguyen for giving me the solution to my problem:
> reconfiguring OpenLDAP with --enable-crypt (which, inexplicably, is off
> by default). Once i recompiled slapd, i was able to change passwords as
> often as i liked.
Maybe you should rather use
pam_password exop
in /etc/ldap.conf, and ensure that you are using pam_ldap for authentication,
and not nss_ldap->pam_unix which limits you to the insufficiently encrypted
crypt hash.
Regards,
Buchan