Hello
I'm running openldap-2.3.43 on RHEL 5.3. All works fine (as usual) with the Linux clients, but I have some trouble with AIX.
I have done these tests with an AIX 5.3 TL9 host.
When I change my password on AIX it goes like this:
[user@host] $ passwd
Changing password for "user"
user's Old password:
user's New password:
Enter the new password again:
And it's done, over.
When I check the modification on the OpenLDAP server, the password is in clear in the userPassword field.
On my Linux clients it asks for the new password 2 times (normal?) and it is not in clear in the userPassword field.
[user@host] $ passwd
Changing password for user user.
Enter login(LDAP) password:
New UNIX password:
Retype new UNIX password:
New password:
Re-enter new password:
LDAP password information changed for user
passwd: all authentication tokens updated successfully.
An extract of the logs:
From AIX:
Sep 17 14:51:19 srvldap slapd[8270]: conn=9 op=0 BIND dn="uid=user,ou=users,dc=xxx,dc=xx" method=128
Sep 17 14:51:19 srvldap slapd[8270]: slap_global_control: unrecognized control: 1.3.6.1.4.1.42.2.27.8.5.1
Sep 17 14:51:19 srvldap slapd[8270]: conn=9 op=0 BIND dn="uid=user,ou=users,dc= xxx,dc=xx" mech=SIMPLE ssf=0
Sep 17 14:51:19 srvldap slapd[8270]: conn=9 op=0 RESULT tag=97 err=0 text=
Sep 17 14:51:19 srvldap slapd[8270]: conn=9 op=1 MOD dn="uid=user,ou=users,dc= xxx,dc=xx"
Sep 17 14:51:19 srvldap slapd[8270]: conn=9 op=1 MOD attr=userpassword userpassword
Sep 17 14:51:19 srvldap slapd[8270]: slap_global_control: unrecognized control: 1.3.6.1.4.1.42.2.27.8.5.1
Sep 17 14:51:19 srvldap slapd[8270]: conn=9 op=1 RESULT tag=103 err=0 text=
Sep 17 14:51:19 srvldap slapd[8270]: conn=9 op=2 UNBIND
Sep 17 14:51:19 srvldap slapd[8270]: conn=9 fd=22 closed
Sep 17 14:51:19 srvldap slapd[8270]: conn=7 op=6 SRCH base="ou=users,dc= xxx,dc= xx " scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=in205))"
Sep 17 14:51:19 srvldap slapd[8270]: conn=7 op=6 SEARCH RESULT tag=101 err=0 nentries=1 text=
Sep 17 14:51:19 srvldap slapd[8270]: conn=7 op=7 MOD dn="uid=user,ou=users,dc= xxx,dc= xx "
Sep 17 14:51:19 srvldap slapd[8270]: conn=7 op=7 MOD attr=shadowlastchange
Sep 17 14:51:19 srvldap slapd[8270]: conn=7 op=7 RESULT tag=103 err=8 text=modifications require authentication
... some troubles ....
From Linux:
Oct 6 15:37:40 srvldap slapd[2420]: conn=5764 fd=34 ACCEPT from IP=192.168.3.30:51023 (IP=0.0.0.0:636)
Oct 6 15:37:40 srvldap slapd[2420]: conn=5764 fd=34 TLS established tls_ssf=256 ssf=256
Oct 6 15:37:40 srvldap slapd[2420]: conn=5764 op=0 BIND dn="" method=128
Oct 6 15:37:40 srvldap slapd[2420]: conn=5764 op=0 RESULT tag=97 err=0 text=
Oct 6 15:37:40 srvldap slapd[2420]: conn=5764 op=1 SRCH base="ou=users,dc=xxx,dc=xx" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uidNumber=1001))"
Oct 6 15:37:40 srvldap slapd[2420]: conn=5764 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
Oct 6 15:37:40 srvldap slapd[2420]: conn=5764 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Oct 6 15:37:40 srvldap slapd[2420]: conn=5764 op=2 SRCH base="ou=users,dc=xxx,dc=xx" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=user))"
Oct 6 15:37:40 srvldap slapd[2420]: conn=5764 op=2 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
Oct 6 15:37:40 srvldap slapd[2420]: conn=5764 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Oct 6 15:37:40 srvldap slapd[2420]: conn=5765 fd=38 ACCEPT from IP=192.168.3.30:51024 (IP=0.0.0.0:636)
Oct 6 15:37:40 srvldap slapd[2420]: conn=5765 fd=38 TLS established tls_ssf=256 ssf=256
Oct 6 15:37:40 srvldap slapd[2420]: conn=5765 op=0 BIND dn="" method=128
Oct 6 15:37:40 srvldap slapd[2420]: conn=5765 op=0 RESULT tag=97 err=0 text=
Oct 6 15:37:40 srvldap slapd[2420]: conn=5765 op=1 SRCH base="ou=users,dc=xxx,dc=xx" scope=2 deref=0 filter="(&(|(&(accessTo=host22)(trustModel=byhost))(trustModel=fullaccess))(uid=user))"
Oct 6 15:37:40 srvldap slapd[2420]: <= bdb_equality_candidates: (accessTo) not indexed
Oct 6 15:37:40 srvldap slapd[2420]: <= bdb_equality_candidates: (trustModel) not indexed
Oct 6 15:37:40 srvldap slapd[2420]: <= bdb_equality_candidates: (trustModel) not indexed
Oct 6 15:37:40 srvldap slapd[2420]: conn=5765 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Oct 6 15:37:43 srvldap slapd[2420]: conn=5765 op=2 BIND dn="uid=user,ou=users,dc=xxx,dc=xx" method=128
Oct 6 15:37:43 srvldap slapd[2420]: conn=5765 op=2 BIND dn="uid=user,ou=users,dc=xxx,dc=xx" mech=SIMPLE ssf=0
Oct 6 15:37:43 srvldap slapd[2420]: conn=5765 op=2 RESULT tag=97 err=0 text=
Oct 6 15:37:43 srvldap slapd[2420]: conn=5765 op=3 BIND anonymous mech=implicit ssf=0
Oct 6 15:37:43 srvldap slapd[2420]: conn=5765 op=3 BIND dn="" method=128
Oct 6 15:37:43 srvldap slapd[2420]: conn=5765 op=3 RESULT tag=97 err=0 text=
Oct 6 15:37:46 srvldap slapd[2420]: conn=5764 op=3 SRCH base="ou=users,dc=xxx,dc=xx" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uidNumber=1001))"
Oct 6 15:37:46 srvldap slapd[2420]: conn=5764 op=3 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
Oct 6 15:37:46 srvldap slapd[2420]: conn=5764 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
Oct 6 15:37:52 srvldap slapd[2420]: conn=5765 op=4 BIND dn="uid=user,ou=users,dc=xxx,dc=xx" method=128
Oct 6 15:37:52 srvldap slapd[2420]: conn=5765 op=4 BIND dn="uid=user,ou=users,dc=xxx,dc=xx" mech=SIMPLE ssf=0
Oct 6 15:37:52 srvldap slapd[2420]: conn=5765 op=4 RESULT tag=97 err=0 text=
Oct 6 15:37:52 srvldap slapd[2420]: conn=5765 op=5 PASSMOD id="uid=user,ou=users,dc=xxx,dc=xx" new
Oct 6 15:37:52 srvldap slapd[2420]: conn=5765 op=5 RESULT oid= err=0 text=
Oct 6 15:37:52 srvldap slapd[2420]: conn=5765 op=6 MOD dn="uid=user,ou=users,dc=xxx,dc=xx"
Oct 6 15:37:52 srvldap slapd[2420]: conn=5765 op=6 MOD attr=shadowLastChange
Oct 6 15:37:52 srvldap slapd[2420]: conn=5765 op=6 RESULT tag=103 err=0 text=
Oct 6 15:37:52 srvldap slapd[2420]: conn=5764 fd=34 closed (connection lost)
Oct 6 15:37:52 srvldap slapd[2420]: conn=5765 op=7 UNBIND
Oct 6 15:37:52 srvldap slapd[2420]: conn=5765 fd=38 closed
Thanks for your help.
-- Philippe Caseiro
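
The two extracts above differ in how userPassword is written: a plain LDAP Modify (MOD attr=userpassword) from AIX, and the Password Modify extended operation (PASSMOD) from Linux; by default slapd's password-hash setting applies only to the latter. The following is an added example, not part of the original post: a Python parser that lists successful password writes in a slapd log and the operation that made each one. The sample lines are constructed from the extracts, and the function name password_writes and the tls_seen field are hypothetical.

```python
import re

# Constructed sample in the slapd log format shown in the post.
SAMPLE = """\
Sep 17 14:51:19 srvldap slapd[8270]: conn=9 op=0 BIND dn="uid=user,ou=users,dc=xxx,dc=xx" mech=SIMPLE ssf=0
Sep 17 14:51:19 srvldap slapd[8270]: conn=9 op=1 MOD dn="uid=user,ou=users,dc=xxx,dc=xx"
Sep 17 14:51:19 srvldap slapd[8270]: conn=9 op=1 MOD attr=userpassword userpassword
Sep 17 14:51:19 srvldap slapd[8270]: conn=9 op=1 RESULT tag=103 err=0 text=
Oct  6 15:37:40 srvldap slapd[2420]: conn=5765 fd=38 TLS established tls_ssf=256 ssf=256
Oct  6 15:37:52 srvldap slapd[2420]: conn=5765 op=5 PASSMOD id="uid=user,ou=users,dc=xxx,dc=xx" new
Oct  6 15:37:52 srvldap slapd[2420]: conn=5765 op=5 RESULT oid= err=0 text=
Oct  6 15:37:52 srvldap slapd[2420]: conn=5765 op=6 MOD dn="uid=user,ou=users,dc=xxx,dc=xx"
Oct  6 15:37:52 srvldap slapd[2420]: conn=5765 op=6 MOD attr=shadowLastChange
Oct  6 15:37:52 srvldap slapd[2420]: conn=5765 op=6 RESULT tag=103 err=0 text=
"""

LINE = re.compile(r"slapd\[\d+\]: conn=(\d+) (?:op=(\d+)|fd=\d+) (.*)$")
QUOTED = re.compile(r'(?:dn|id)="([^"]*)"')

def password_writes(log_text):
    """Return one record per successful password write found in log_text."""
    tls = set()    # connections whose "TLS established" line is in this text
    pending = {}   # (conn, op) -> record waiting for its RESULT line
    found = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        conn, op, rest = m.groups()
        key = (conn, op)
        if rest.startswith("TLS established"):
            tls.add(conn)
        elif rest.startswith(("PASSMOD ", "MOD dn=")):
            dn = QUOTED.search(rest)
            how = "PASSMOD" if rest.startswith("PASSMOD") else None
            pending[key] = {"conn": conn, "dn": dn.group(1) if dn else None, "how": how}
        elif rest.startswith("MOD attr=") and key in pending:
            # A plain Modify counts only when it touches userPassword.
            if "userpassword" in rest[len("MOD attr="):].lower().split():
                pending[key]["how"] = "MOD"
        elif rest.startswith("RESULT"):
            rec = pending.pop(key, None)
            if rec and rec["how"] and re.search(r"\berr=0\b", rest):
                rec["tls_seen"] = conn in tls  # False = not seen in this extract
                found.append(rec)
    return found

if __name__ == "__main__":
    for rec in password_writes(SAMPLE):
        print(rec)
```

Records with how set to MOD are the password changes to review, since the stored value is whatever the client sent.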