LDAP Password changing

Neil Marjoram n.marjoram at adastral.ucl.ac.uk
Thu Jul 15 09:31:00 UTC 2004


Can anyone help me with changing passwords in an LDAP database?

I have set up a proxy user with write access to the database, but I
think the error is client side and lies somewhere in the PAM config.

The error I receive is:

bash-2.05b$ passwd
Changing password for user testuser.
passwd: Authentication token manipulation error

The same error occurs if I use root to try and change the password.

I have the /etc/ldap.conf set correctly with /etc/ldap.secret containing
the proxyuser password.

I get no output to the syslog on the client.

I get this in the slapd log file:

Jul 15 10:27:36 ipswich slapd[6981]: conn=171 fd=54 ACCEPT from IP=x.x.x.x:33229 (IP=0.0.0.0:636)
Jul 15 10:27:36 ipswich slapd[6981]: conn=171 op=0 BIND dn="cn=proxyuser,dc=mydomain,dc=uk" method=128
Jul 15 10:27:36 ipswich slapd[6981]: conn=171 op=0 BIND dn="cn=proxyuser,dc=mydomain,dc=uk" mech=SIMPLE ssf=0
Jul 15 10:27:36 ipswich slapd[6981]: conn=171 op=0 RESULT tag=97 err=0 text=
Jul 15 10:27:36 ipswich slapd[6981]: conn=171 op=1 SRCH base="ou=People,dc=mydomain,dc=uk" scope=1 filter="(&(objectClass=posixAccount)(uidNumber=500))"
Jul 15 10:27:36 ipswich slapd[6981]: conn=171 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
Jul 15 10:27:36 ipswich slapd[6981]: conn=171 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jul 15 10:27:38 ipswich slapd[6981]: conn=171 fd=54 closed

ACL:

access to dn=".*,dc=adastral,dc=ucl,dc=ac,dc=uk" attr=userPassword
        by dn="cn=Manager,dc=adastral,dc=ucl,dc=ac,dc=uk" write
        by dn="cn=proxyuser,dc=adastral,dc=ucl,dc=ac,dc=uk" write
        by self write
        by * auth

access to dn=".*,dc=adastral,dc=ucl,dc=ac,dc=uk" attr=mail
        by dn="cn=Manager,dc=adastral,dc=ucl,dc=ac,dc=uk" write
        by dn="cn=proxyuser,dc=adastral,dc=ucl,dc=ac,dc=uk" write
        by self write
        by * read

access to dn=".*,ou=People,dc=adastral,dc=ucl,dc=ac,dc=uk"
        by * read

access to dn=".*,dc=adastral,dc=ucl,dc=ac,dc=uk"
        by self write
        by * read


The /etc/ldap.conf is correctly set.

Thanks for your help,


Neil.
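A quick way to confirm where a failure like this sits is to read the slapd stats log per connection and check whether any write (a MOD of userPassword, or the Password Modify extended operation that slapd logs as PASSMOD) ever reached the server. The parser below is an added example, not part of the original post or of OpenLDAP; the sample log is the post's own lines, reconstructed as a constructed string.

```python
import re
from collections import defaultdict

# Constructed sample: the slapd stats lines quoted in the post, with mail wrapping undone.
SAMPLE_LOG = """\
Jul 15 10:27:36 ipswich slapd[6981]: conn=171 fd=54 ACCEPT from IP=x.x.x.x:33229 (IP=0.0.0.0:636)
Jul 15 10:27:36 ipswich slapd[6981]: conn=171 op=0 BIND dn="cn=proxyuser,dc=mydomain,dc=uk" method=128
Jul 15 10:27:36 ipswich slapd[6981]: conn=171 op=0 BIND dn="cn=proxyuser,dc=mydomain,dc=uk" mech=SIMPLE ssf=0
Jul 15 10:27:36 ipswich slapd[6981]: conn=171 op=0 RESULT tag=97 err=0 text=
Jul 15 10:27:36 ipswich slapd[6981]: conn=171 op=1 SRCH base="ou=People,dc=mydomain,dc=uk" scope=1 filter="(&(objectClass=posixAccount)(uidNumber=500))"
Jul 15 10:27:36 ipswich slapd[6981]: conn=171 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
Jul 15 10:27:36 ipswich slapd[6981]: conn=171 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jul 15 10:27:38 ipswich slapd[6981]: conn=171 fd=54 closed
"""
# conn=N [op=M] KIND rest...   (ACCEPT / closed lines have no op number)
LINE_RE = re.compile(r"conn=(\d+)\s+(?:op=(\d+)\s+)?(\S+)\s*(.*)$")

def parse_slapd_log(text):
    """Group slapd stats lines by connection: bind DNs, operation kinds, result codes."""
    conns = defaultdict(lambda: {"binds": [], "ops": {}, "results": {}})
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        conn, op, kind, rest = m.groups()
        c = conns[conn]
        if op is None:
            continue
        if kind == "BIND":
            dn = re.search(r'dn="([^"]*)"', rest)
            if dn and dn.group(1) not in c["binds"]:
                c["binds"].append(dn.group(1))
            c["ops"].setdefault(op, "BIND")
        elif kind == "RESULT" or (kind == "SEARCH" and rest.startswith("RESULT")):
            err = re.search(r"err=(\d+)", rest)
            c["results"][op] = int(err.group(1)) if err else None
        else:  # SRCH, MOD, PASSMOD, ADD, DEL, ...
            c["ops"].setdefault(op, kind)
    return dict(conns)

def diagnose(conns):
    """Per connection: who bound, which ops were sent, whether a password write ever reached slapd."""
    out = {}
    for conn, c in conns.items():
        kinds = set(c["ops"].values())
        out[conn] = {"bound_as": c["binds"], "ops": sorted(kinds),
                     # MOD = modify (e.g. of userPassword); PASSMOD = Password Modify extended op
                     "modify_seen": bool(kinds & {"MOD", "PASSMOD"}),
                     "failed_ops": sorted(op for op, err in c["results"].items() if err)}
    return out
```

For the quoted connection the result is a successful proxy bind, one successful search and no MOD or PASSMOD at all, so slapd never received a write to reject; the failure happened on the client before the modify was sent, which is consistent with the PAM suspicion.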