I am having an issue with my 'chain' bind password getting changed instead of the user's password.
In a Red Hat Linux environment, running OpenLDAP 2.3.43(-3.el5 RPM from RH), I am using a master-slave setup, with chaining (as opposed to referral) as a method to allow users to change passwords (most LDAP clients hit the slave). Because I have some other issues when I set (nss_ldap) 'pam_password md5'in ldap.conf, I tried setting it to 'pam_password exop' instead. But, with this setting, when a user attempts a password change from one of the Linux clients, the ldap chain BIND password is changed on the master, instead of the user's password.
In my slave slapd.conf, I have:
#################################################################### # Chain to Master for updates overlay chain chain-uri "ldap://10.10.1.191" chain-idassert-bind bindmethod="simple" binddn="cn=ldapChain,o=myorg,dc=myco,dc=net" credentials="ldapChain" mode="none" # mode="self" chain-max-depth 2 chain-return-error TRUE chain-rebind-as-user TRUE
####################################################################### # To sync with the LDAP Master database using syncrepl syncrepl rid=222 type=refreshAndPersist provider=ldap://10.10.1.191 retry="30 10 300 3" searchbase="dc=myco,dc=net" filter="(objectClass=*)" scope=sub schemachecking=off bindmethod=simple binddn="cn=syncRepl,o=myorg,dc=myco,dc=net" credentials="syncRepl"
updateref ldap://10.10.1.191 ####################################################################
SO, for example, when some user, say 'userbob' issues a 'passwd' and attempts to change his password from a Linux LDAP client (configured to hit the slave LDAP server), the password for "cn=ldapChain,o=myorg,dc=myco,dc=net" instead gets changed. The users password does not get changed.
Anyone know what I could possibly have mis-configured that would cause this?
Thanks in advance, Joe
_________________________________________________________________ Chat with Messenger straight from your Hotmail inbox. http://www.microsoft.com/windows/windowslive/hotmail_bl1/hotmail_bl1.aspx?oc...