This is a shot in the dark, but have you tried specifying: pam_password exop ..in /etc/ldap.conf? I suggest this because you mention ldappasswd seems to do the job, and ldappasswd uses the password change extended operation to do its work. Philip Kime wrote: > Any pointers welcome. This is on RHEL4 and FDS 1.0.2. pam_ldap moans > about referrals when the first LDAP server in ldap.conf is a > consumer-only. No problem if it's talking to a read-write master. > > # passwd test > Changing password for user test. > Enter login(LDAP) password: > New UNIX password: > Retype new UNIX password: > LDAP password information update failed: Referral > > I tried nss_ldap-226 and nss-ldap-253 which comes with an updated > pam_ldap. I have > > referrals yes > > in ldap.conf > > I can do a manual ldappasswd update to the consumer and it works, > presumably referring to a writable master ok (thought I can't see > anything about referrals in the ldappasswd debugging output, nor > nothing in the master logs). > > PK > > > -- > Philip Kime > NOPS Systems Architect > 310 401 0407 > > ------------------------------------------------------------------------ > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users >
