Microft n00b
Joined: 27 Oct 2002 Posts: 40 Location: Arnsberg, Germany
|
Posted: Tue Dec 03, 2002 5:48 pm Post subject: LDAP password information update failed: Unknown error |
|
|
Hi!
I tried to use LDAP as a NIS replacement. I now have no problems logging in as my LDAP test user on every local system.
But it's not possible to change the password of the LDAP-user. I get the following error:
Quote: |
frank@daan:~ >passwd
Enter login(LDAP) password:
New password:
Re-enter new password:
LDAP password information update failed: Unknown error
passwd: Permission denied
|
And here are my conf files:
LDAP.CONF
Code: |
ldap_version 3
host theta.kappatheta.de
base dc=kappatheta,dc=de
ssl start_tls
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute memberuid
|
SLAPD.CONF
Code: |
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/misc.schema
password-hash {SSHA}
pidfile /var/state/openldap/slapd.pid
argsfile /var/state/openldap/slapd.args
database ldbm
suffix "dc=kappatheta, dc=de"
rootdn "cn=Admin, dc=kappatheta, dc=de"
rootpw {SSHA}betRgBx6RGF9V+hPMEYZUvbVM06m8joh
directory /var/state/openldap/openldap-ldbm
index objectClass eq
TLSCertificateFile /etc/openldap/keys/ldap.cert
TLSCertificateKeyFile /etc/openldap/keys/ldap.key
TLSCACertificateFile /etc/openldap/keys/ca.cert
access to *
by * read
access to attr=userPassword
by self write
by anonymous auth
by * none
|
PAM.D/PASSWD
Code: |
auth sufficient /lib/security/pam_ldap.so
auth required /lib/security/pam_unix_auth.so use_first_pass
account sufficient /lib/security/pam_ldap.so
account required /lib/security/pam_unix_acct.so
password sufficient /lib/security/pam_ldap.so
password required /lib/security/pam_pwdb.so try_first_pass
|
Any help is welcome
Tim |
|
Microft n00b
Joined: 27 Oct 2002 Posts: 40 Location: Arnsberg, Germany
|
Posted: Wed Dec 04, 2002 6:36 am Post subject: |
|
|
I found the failure. I just had to make a small but important change to the access rules in slapd.conf.
Code: |
access to * attr=userPassword
by self write
by anonymous auth
by dn="cn=Admin,dc=kappatheta,dc=de" write
by * none
access to *
by self write
by * read
by dn="cn=Admin,dc=kappatheta,dc=de" write
|
|
|
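Why reordering the rules fixes the password change, as an added example that is not part of the original posts: a small Python model of slapd's first-match access evaluation, run over the rule sets from both posts. The user DNs are constructed, and the second post's `access to * attr=userPassword` is assumed to scope that clause to userPassword.

```python
# Simplified model of slapd access-rule evaluation (added example, not OpenLDAP code).
# Assumption: the first "access to" clause whose <what> matches is the only one
# consulted, and inside it the first matching "by" decides; no match means none.
# Not modelled: rootdn (exempt from access rules), regex DNs, filters.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]
ADMIN = "cn=Admin,dc=kappatheta,dc=de"
FRANK = "uid=frank,ou=People,dc=kappatheta,dc=de"   # constructed DN
OTHER = "uid=other,ou=People,dc=kappatheta,dc=de"   # constructed DN

# Rules in file order: (attribute or "*", [(who, level), ...]).
BEFORE = [  # first post
    ("*", [("*", "read")]),
    ("userPassword", [("self", "write"), ("anonymous", "auth"), ("*", "none")]),
]
AFTER = [   # second post
    ("userPassword", [("self", "write"), ("anonymous", "auth"),
                      (ADMIN, "write"), ("*", "none")]),
    ("*", [("self", "write"), ("*", "read"), (ADMIN, "write")]),
]

def who_matches(who, requester, entry_dn):
    """requester is the bound DN, or None for an anonymous connection."""
    if who == "*":
        return True
    if who == "anonymous":
        return requester is None
    if who == "self":
        return requester is not None and requester == entry_dn
    return requester == who  # literal DN

def granted(rules, attr, requester, entry_dn):
    """Access level the rule set gives requester on attr of entry_dn."""
    for what, by_clauses in rules:
        if what in ("*", attr):
            for who, level in by_clauses:
                if who_matches(who, requester, entry_dn):
                    return level
            return "none"
    return "none"

def allows(rules, attr, requester, entry_dn, wanted):
    return LEVELS.index(granted(rules, attr, requester, entry_dn)) >= LEVELS.index(wanted)

if __name__ == "__main__":
    for name, rules in (("before", BEFORE), ("after", AFTER)):
        for label, who in (("self", FRANK), ("other user", OTHER), ("anonymous", None)):
            print(name, label, "-> userPassword:", granted(rules, "userPassword", who, FRANK))
```

Under the first rule set every requester, anonymous included, gets read on userPassword and nobody gets write, which is consistent with the failed passwd run. In this model the final `by dn=... write` line of the second post's `access to *` clause is never reached, because `by * read` precedes it.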