Hello the list,
I'm new here, new to OpenLDAP, and I have an issue.
I've searched for a long time for an explanation but found nothing.
Here is my problem.
I run an OpenLDAP server on a Debian VM:
# slapd -V
@(#) $OpenLDAP: slapd 2.4.11 (Jul 23 2010 21:37:26) $
        @barber:/build/buildd-openldap_2.4.11-1+lenny2-amd64-WJ2jlD/openldap-2.4.11/debian/build/servers/slapd
I have many direct clients (desktop computers that query the LDAP server) and everything works well.
I made these ACLs in slapd.conf to allow users to change their password:
access to attrs=userPassword,shadowLastChange
        by self write
        by dn="cn=syncuser,dc=example,dc=com" read
        by anonymous auth
        by * none
access to *
        by self write
        by * read
And it works fine.
These are the only ACLs I have.
I also have 2 replicas of this LDAP server:
syncrepl rid=002
        provider=ldaps://ldap.example.com
        type=refreshOnly
        interval=00:01:00:00
        retry="60 10 300 +"
        filter="(objectClass=*)"
        scope=sub
        attrs="*"
        bindmethod=simple
        schemachecking=off
        searchbase="dc=example,dc=com"
        binddn="cn=syncuser,dc=example,dc=com"
        credentials=youdonthavetoknow
        tls_reqcert=never
The replicas work well too, and users can connect to those replica computers (I don't have clients of those replicas).
But the trouble is when a user connected to one of these replicas tries to change his password:
% passwd
Enter login(LDAP) password:
New password:
Re-enter new password:
LDAP password information update failed: Strong(er) authentication required
modifications require authentication
passwd: Permission denied
passwd: password unchanged
In the /var/log/auth.log file I found:
Apr 4 16:10:45 ovhstorage sshd[22056]: pam_unix(sshd:account): password for user test will expire in 4 days
Apr 4 16:10:45 ovhstorage sshd[22056]: Accepted publickey for test from 88.162.182.86 port 49955 ssh2
Apr 4 16:10:45 ovhstorage sshd[22056]: pam_unix(sshd:session): session opened for user test by (uid=0)
Apr 4 16:10:48 ovhstorage passwd[22064]: pam_unix(passwd:chauthtok): user "test" does not exist in /etc/passwd
Apr 4 16:10:55 ovhstorage passwd[22064]: pam_unix(passwd:chauthtok): user "test" does not exist in /etc/passwd
I know that modifications must be done on the master server, but how can I send modifications to the master? Do I have to use "referrals"?
Thanks in advance for giving the correct pointers.
Best regards,
Jacques Foucry
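As an added illustration that is not part of the mail above: the two ways a syncrepl consumer in slapd.conf can hand write operations to the provider. `updateref` makes the consumer answer writes with a referral that the client must follow; the chain overlay instead follows the referral inside slapd. Provider URL, rid and bind DN are taken from the mail; the credential is a placeholder and the tls_reqcert change is my assumption.

```conf
# Consumer slapd.conf fragment (example, not the poster's configuration).
# A consumer database is read-only; without updateref a modify gets no
# pointer to the writable server, so passwd fails on the replica.
syncrepl rid=002
        provider=ldaps://ldap.example.com
        type=refreshOnly
        interval=00:01:00:00
        retry="60 10 300 +"
        searchbase="dc=example,dc=com"
        filter="(objectClass=*)"
        scope=sub
        attrs="*"
        schemachecking=off
        bindmethod=simple
        binddn="cn=syncuser,dc=example,dc=com"
        credentials=<sync-password-placeholder>
        tls_reqcert=demand          # the mail used "never"; demand verifies the provider cert
# Return a referral to the provider for every write received here.
updateref ldaps://ldap.example.com

# Optional: clients such as pam_ldap/passwd often do not follow referrals,
# so let slapd follow them itself and forward the modify to the provider.
# mode=self re-asserts the bound user's DN on the provider, so the
# provider's "by self write" ACL still decides whether the change is allowed.
overlay chain
chain-uri "ldaps://ldap.example.com"
chain-idassert-bind bindmethod=simple
        binddn="cn=syncuser,dc=example,dc=com"
        credentials=<sync-password-placeholder>
        mode=self
chain-return-error TRUE
```

With the chain overlay the provider must allow cn=syncuser to assert other identities (an authz-policy setting and an authzTo value on that entry), otherwise the forwarded modify is rejected there instead.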