This is a shot in the dark,
but have you tried specifying:
pam_password exop
..in /etc/ldap.conf?
I suggest this because you mention ldappasswd seems to do the job, and
ldappasswd uses the password change extended operation to do its work.
Philip Kime wrote:
Any pointers welcome. This is on RHEL4 and FDS 1.0.2. pam_ldap moans
about referrals when the first LDAP server in ldap.conf is a
consumer-only. No problem if it's talking to a read-write master.
# passwd test
Changing password for user test.
Enter login(LDAP) password:
New UNIX password:
Retype new UNIX password:
LDAP password information update failed: Referral
I tried nss_ldap-226 and nss-ldap-253 which comes with an updated
pam_ldap. I have
referrals yes
in ldap.conf
I can do a manual ldappasswd update to the consumer and it works,
presumably referring to a writable master ok (thought I can't see
anything about referrals in the ldappasswd debugging output, nor
nothing in the master logs).
PK
--
Philip Kime
NOPS Systems Architect
310 401 0407
------------------------------------------------------------------------
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
