On Thursday 17 July 2008 17:46:29 Ron Echeverri wrote:
> I've set up OpenLDAP 2.4.10 and have been using phpldapadmin for user management. The machines in our QA environment are set up to allow LDAP users to log in, and they are also able to change their password via the passwd command. However, they are only able to do this once; if they attempt it again, it bounces back with "LDAP Password incorrect: try again". They are able to log out and in regardless, but passwd will not accept their password in order to change it. If the user's password is reset in phpldapadmin, again they are able to change the password once, and no more. There is no password policy configured in slapd; should there be?
Although this is not an OpenLDAP problem, but instead has to do with your identity resolution and authentication, and as you don't give the details we need to help you solve your problem, I'm going to assume some things:
- You are using OpenLDAP in a Linux distribution
- You are managing the Unix resolution via NSS_LDAP
What does your /etc/ldap.conf file look like?
What is the ACLs section in your slapd.conf?
What messages do you see in your logs when a user tries to update his password?
> I have loglevel set to 296, but I'm not sure what to look for.
Are you using PAM?
> thanks
> rone