On 19/09/2017 at 18:45, Robert Heller wrote:
> I am having a hard time setting a user password using ldap (OpenLDAP 2.4.40-13.el7) on a CentOS 7 system.
> I have installed OpenLDAP 2.4.40-13.el7 (stock CentOS 7 server and client), nss-pam-ldapd (0.8.13-8.el7) and used authconfig to enable ldap. I have created a user in the ldap database, and getent works just fine -- the uid and gid are seen, etc. But I cannot set the user's password in a way that works for su (and presumably login/slogin, etc.). I am using ldappasswd to set the user's password.
> I am thinking that PAM and ldappasswd are using *different* one-way encryption methods and I am guessing I need to update a configuration somewhere (either for pam, sssd, or nslcd), but I am not finding it.
PAM is an LDAP client, so it does not read the password; it just sends BIND requests, and the OpenLDAP server then checks the password by using the hashing method corresponding to the current password value.
Can you check in your server ACLs (olcAccess parameter) that anonymous users have the 'auth' right on the userPassword attribute?
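
The ACL check suggested above, shown as an added example that is not part of the original message: an olcAccess rule that blocks simple binds next to one that grants anonymous the 'auth' right. The database DN `olcDatabase={2}hdb,cn=config` and the `{1}` catch-all rule are assumptions; substitute the values from your own cn=config.

```ldif
# Added example; DN and rule contents are assumptions, not from the thread.
# List the current rules first:
#   ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config '(olcDatabase=*)' dn olcAccess
#
# A rule like the following breaks every simple bind: no clause gives
# anonymous "auth", so slapd may not compare the submitted password with
# the stored hash and PAM/nslcd see "invalid credentials".
#   olcAccess: {0}to attrs=userPassword
#     by self write
#     by * none
#
# Corrected rule set: anonymous may authenticate against userPassword
# (compare during bind only, never read the hash), owners may change it.
# "replace" overwrites ALL existing olcAccess values on this database,
# so merge in any other rules you already have before applying.
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to attrs=userPassword
  by self write
  by anonymous auth
  by * none
olcAccess: {1}to *
  by self write
  by users read
  by * none
```

Apply it on the server with `ldapmodify -Y EXTERNAL -H ldapi:/// -f acl.ldif`, then retest the bind with `ldapwhoami -x -D <user DN> -W`.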