LDAP Password changing
Neil Marjoram
n.marjoram at adastral.ucl.ac.uk
Thu Jul 15 09:31:00 UTC 2004
Can anyone help me with changing passwords in an LDAP database?
I have set up a proxy user with write access to the database, but I
think the error is client side and lies somewhere in the PAM config.
The error I receive is:
bash-2.05b$ passwd
Changing password for user testuser.
passwd: Authentication token manipulation error
The same error occurs if I use root to try and change the password.
I have the /etc/ldap.conf set correctly with /etc/ldap.secret containing
the proxyuser password.
I get no output to the syslog on the client.
I get this out in the slapd log file:
Jul 15 10:27:36 ipswich slapd[6981]: conn=171 fd=54 ACCEPT from IP=x.x.x.x:33229 (IP=0.0.0.0:636)
Jul 15 10:27:36 ipswich slapd[6981]: conn=171 op=0 BIND dn="cn=proxyuser,dc=mydomain,dc=uk" method=128
Jul 15 10:27:36 ipswich slapd[6981]: conn=171 op=0 BIND dn="cn=proxyuser,dc=mydomain,dc=uk" mech=SIMPLE ssf=0
Jul 15 10:27:36 ipswich slapd[6981]: conn=171 op=0 RESULT tag=97 err=0 text=
Jul 15 10:27:36 ipswich slapd[6981]: conn=171 op=1 SRCH base="ou=People,dc=mydomain,dc=uk" scope=1 filter="(&(objectClass=posixAccount)(uidNumber=500))"
Jul 15 10:27:36 ipswich slapd[6981]: conn=171 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
Jul 15 10:27:36 ipswich slapd[6981]: conn=171 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jul 15 10:27:38 ipswich slapd[6981]: conn=171 fd=54 closed
ACL:
access to dn=".*,dc=adastral,dc=ucl,dc=ac,dc=uk" attr=userPassword
        by dn="cn=Manager,dc=adastral,dc=ucl,dc=ac,dc=uk" write
        by dn="cn=proxyuser,dc=adastral,dc=ucl,dc=ac,dc=uk" write
        by self write
        by * auth
access to dn=".*,dc=adastral,dc=ucl,dc=ac,dc=uk" attr=mail
        by dn="cn=Manager,dc=adastral,dc=ucl,dc=ac,dc=uk" write
        by dn="cn=proxyuser,dc=adastral,dc=ucl,dc=ac,dc=uk" write
        by self write
        by * read
access to dn=".*,ou=People,dc=adastral,dc=ucl,dc=ac,dc=uk"
        by * read
access to dn=".*,dc=adastral,dc=ucl,dc=ac,dc=uk"
        by self write
        by * read
The /etc/ldap.conf is correctly set.
Thanks for your help,
Neil.
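
The slapd excerpt in the post records a BIND and a SRCH on conn=171 and then the close. As an added example (not part of the original post), this script summarises slapd connection logs and reports whether a write operation was ever logged for each connection. The sample lines are constructed from the post's excerpt with wrapped lines rejoined; conn=172, its testuser DN and err=50 are invented for contrast, and the MOD/EXT verb names are assumed to follow OpenLDAP's usual stats logging.

```python
import re
from collections import defaultdict

# Constructed sample: conn=171 mirrors the post's excerpt (wrapped lines rejoined);
# conn=172 is invented to show a connection that does attempt a write.
SAMPLE_LOG = """\
Jul 15 10:27:36 ipswich slapd[6981]: conn=171 fd=54 ACCEPT from IP=x.x.x.x:33229 (IP=0.0.0.0:636)
Jul 15 10:27:36 ipswich slapd[6981]: conn=171 op=0 BIND dn="cn=proxyuser,dc=mydomain,dc=uk" method=128
Jul 15 10:27:36 ipswich slapd[6981]: conn=171 op=0 RESULT tag=97 err=0 text=
Jul 15 10:27:36 ipswich slapd[6981]: conn=171 op=1 SRCH base="ou=People,dc=mydomain,dc=uk" scope=1 filter="(&(objectClass=posixAccount)(uidNumber=500))"
Jul 15 10:27:36 ipswich slapd[6981]: conn=171 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jul 15 10:27:38 ipswich slapd[6981]: conn=171 fd=54 closed
Jul 15 10:30:01 ipswich slapd[6981]: conn=172 op=0 BIND dn="cn=proxyuser,dc=mydomain,dc=uk" method=128
Jul 15 10:30:01 ipswich slapd[6981]: conn=172 op=0 RESULT tag=97 err=0 text=
Jul 15 10:30:01 ipswich slapd[6981]: conn=172 op=1 MOD dn="uid=testuser,ou=People,dc=mydomain,dc=uk"
Jul 15 10:30:01 ipswich slapd[6981]: conn=172 op=1 RESULT tag=103 err=50 text=
"""

PASSMOD_OID = "1.3.6.1.4.1.4203.1.11.1"  # RFC 3062 Password Modify extended operation
LINE = re.compile(r"conn=(\d+) op=(\d+) (BIND|SRCH|MOD|EXT|RESULT|SEARCH RESULT)\b(.*)")

def summarize(log_text):
    """Group slapd stats lines by connection and note writes and non-zero results."""
    conns = defaultdict(lambda: {"bind_dn": None, "ops": [],
                                 "write_attempted": False, "errors": []})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # ACCEPT/closed lines carry no op= field
        conn, op, verb, rest = int(m[1]), int(m[2]), m[3], m[4]
        c = conns[conn]
        if verb in ("RESULT", "SEARCH RESULT"):
            err = re.search(r"err=(\d+)", rest)
            if err and err[1] != "0":
                c["errors"].append((op, int(err[1])))  # (operation id, LDAP result code)
            continue
        if verb == "BIND" and (dn := re.search(r'dn="([^"]*)"', rest)):
            c["bind_dn"] = dn[1]
        if verb not in c["ops"]:
            c["ops"].append(verb)
        if verb == "MOD" or (verb == "EXT" and PASSMOD_OID in rest):
            c["write_attempted"] = True
    return dict(conns)

if __name__ == "__main__":
    for conn, info in summarize(SAMPLE_LOG).items():
        print(conn, info)
```

A connection whose summary shows `write_attempted` as false never sent a modify or password-modify request, so the server-side ACL was not evaluated for a write on that connection.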