Hi! So I can into yet another pot-hole in the road to LDAP bliss... We have a root suffix in our directory that stores the basic Posix attributes including password, I've been able to configure my client to use ldap for directory services, and authenticate against my replica's, so far so good! Then I tried to change my users password .. and thats where I started getting a bit hung up.. At first I thought that it was because my replicas weren't sending the update request/ referrals back to the masters. (We have two masters that sit behind four consumers) Then I decided to change my ldap.conf files to point directly to my masters.... but I still receaved the same errors "Can't contact LDAP Server" , which was strange since I can do ldap searches against it all day, and even bind to the servers to do searches! and Insufficient write privileges, which made me think that maybe it was an ACI.. but I have selfwrite enabled for the userPassword attribute... Here's the output of my failed attempt to change my user's password after logging in successfully to the server.. Changing password for user foo. Enter login(LDAP) password: New UNIX password: Retype new UNIX password: LDAP password information update failed: Can't contact LDAP server Insufficient 'write' privilege to the 'userPassword' attribute of entry 'uid=foo,ou=people,dc=dept,dc=school,dc=edu'. passwd: Permission denied If anyone has any thought I'd be grateful! I'm pretty perplexed! Best, Tim
