I am working on a fairly simple DS system - one master and about 12 replication slaves. I didn't go multimaster because we don't have enough servers to justify that... but anyway.
We've had a consistent problem for years with password changing - which I'm trying to fix. It used to be that changing passwords simply didn't work. I rebuilt the whole infrastructure to refer back to the replication master and added pam_password exop to the ldap.conf files. Now changing passwords works... sort of. When changing a password, it prompts for the password and the new password, and dutifully changes it on the server, gets the referral back, tries to follow it - and the server says "invalid credentials" and refuses to do the change. So I end up with our servers out of sync - the new password on the slave server and the old server still thinking it has the old password. Obviously that's not acceptable.
I tried exop_send_old, it doesn't do any better. I'm running the latest version of nss_ldap. Anyone have any suggestions as to why the slave servers are allowing the credentials but the master isn't?
Thanks,
--Russell
We've had a consistent problem for years with password changing - which I'm trying to fix. It used to be that changing passwords simply didn't work. I rebuilt the whole infrastructure to refer back to the replication master and added pam_password exop to the ldap.conf files. Now changing passwords works... sort of. When changing a password, it prompts for the password and the new password, and dutifully changes it on the server, gets the referral back, tries to follow it - and the server says "invalid credentials" and refuses to do the change. So I end up with our servers out of sync - the new password on the slave server and the old server still thinking it has the old password. Obviously that's not acceptable.
I tried exop_send_old, it doesn't do any better. I'm running the latest version of nss_ldap. Anyone have any suggestions as to why the slave servers are allowing the credentials but the master isn't?
Thanks,
--Russell
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
