Hello

On Fri, Mar 1, 2013 at 3:48 AM, Fosiul Alam <fosiul@xxxxxxxxx> wrote:
> Hi Expert
>
> We have 389 server installed with SSL enabled.
> When we try to change the password from CentOS 5 servers it's fine, but
> from CentOS 6 I get the below error:
>
> Changing password for user testuser
> Enter login(LDAP) password:
> New password:
> Retype new password:
> LDAP password information update failed: Constraint violation
> invalid password syntax - passwords with storage scheme are not allowed
> passwd: Authentication token manipulation error
>
>
> We have this in /etc/ldap.conf
>
> ssl start_tls
> tls_cacertfile /etc/openldap/cert/ourcert.crt
> pam_password clear
>
>
> The same /etc/ldap.conf works fine in CentOS 5, but for CentOS 6 it looks
> like it's not working
>

Before RHEL6, we used the /etc/ldap.conf configuration file, since the 'nss_ldap' package provided /etc/ldap.conf for both nss_ldap and pam_ldap configuration.

- In RHEL6.0 the 'nss_ldap' package was replaced by two packages:
  - 'nss-pam-ldapd', which uses the /etc/nslcd.conf configuration file.
  - 'pam_ldap', which uses the '/etc/pam_ldap.conf' configuration file.

In RHEL6, LDAP client-side configuration can be done either using nslcd (provided by nss-pam-ldapd) or using SSSD (recommended).

nss-pam-ldapd

The nss-pam-ldapd package provides the nss-pam-ldapd daemon (nslcd), which uses a directory server to look up name service information on behalf of a lightweight nsswitch module. The authentication part is handled by pam_ldap from http://www.padl.com/OSS/nss_ldap.html. Currently nss-pam-ldapd's own pam_ldap is disabled.

You need to configure /etc/pam_ldap.conf & /etc/nslcd.conf to get the LDAP client working if you want to configure using nslcd. nslcd uses configuration information from the /etc/nslcd.conf file and pam_ldap uses the /etc/pam_ldap.conf file (if authconfig is used, both files are updated automatically).

SSSD

The System Security Services Daemon (SSSD) is a service which provides access to different identity and authentication providers. You can configure SSSD to use a native LDAP domain (that is, an LDAP identity provider with LDAP authentication), or an LDAP identity provider with Kerberos authentication. It provides an NSS and PAM interface to the system, and a pluggable back-end system to connect to multiple different account sources. SSSD uses the configuration information from the /etc/sssd.conf file for identity lookup and authentication.

> What shall I do??
>
> Thanks for help
> --
> 389 users mailing list
> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/389-users

HTH

Regards
Arpit Tolani
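
A check for the file split described in the reply above, as an added example that is not part of the original thread: it reports whether each directive from the question is set in /etc/pam_ldap.conf or only in the pre-RHEL6 /etc/ldap.conf. The function names and the ROOT argument are hypothetical, and the sample file is constructed from the three lines quoted in the question.

```shell
#!/bin/sh
# Added example, not from the thread. ROOT is a hypothetical argument so the
# check can run against a copy of /etc instead of the live system.

# Print the value of directive $2 from file $1 (last uncommented occurrence).
directive_value() {
    [ -r "$1" ] || return 0
    awk -v key="$2" 'tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); v = $0 }
                     END { if (v != "") print v }' "$1"
}

# Status 0: set in etc/pam_ldap.conf (the file pam_ldap reads on RHEL6).
# Status 1: set only in the pre-RHEL6 etc/ldap.conf.
# Status 2: set in neither file.
check_directive() {
    root=$1 key=$2
    new=$(directive_value "$root/etc/pam_ldap.conf" "$key")
    old=$(directive_value "$root/etc/ldap.conf" "$key")
    if [ -n "$new" ]; then
        echo "OK      $key = $new (etc/pam_ldap.conf)"; return 0
    elif [ -n "$old" ]; then
        echo "LEGACY  $key = $old only in etc/ldap.conf"; return 1
    fi
    echo "UNSET   $key"; return 2
}

# Constructed sample: the question's three lines, present in the old file only.
demo=$(mktemp -d)
mkdir -p "$demo/etc"
printf '%s\n' 'ssl start_tls' \
    'tls_cacertfile /etc/openldap/cert/ourcert.crt' \
    'pam_password clear' > "$demo/etc/ldap.conf"
for key in ssl tls_cacertfile pam_password; do
    rc=0; check_directive "$demo" "$key" || rc=$?
done
rm -rf "$demo"
```

On a real client, pass `/` as ROOT; a LEGACY line marks a setting that still has to be carried over to /etc/pam_ldap.conf, by hand or via authconfig.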