On Monday 21 July 2008 21:08:57 Ron Echeverri wrote:
I've set up OpenLDAP 2.4.10 and have been using phpldapadmin for user management. The machines in our QA environment are set up to allow LDAP users to log in, and they are also able to change their password via the passwd command. However, they are only able to do this once; if they attempt it again, it bounces back with "LDAP Password incorrect: try again". They are able to log out and in regardless, but passwd will not accept their password in order to change it. If the user's password is reset in phpldapadmin, again they are able to change the password once, and no more.
I'd like to thank Kim Nguyen for giving me the solution to my problem: reconfiguring OpenLDAP with --enable-crypt (which, inexplicably, is off by default). Once I recompiled slapd, I was able to change passwords as often as I liked.
Maybe you should rather use
pam_password exop
in /etc/ldap.conf, and ensure that you are using pam_ldap for authentication, and not nss_ldap->pam_unix which limits you to the insufficiently encrypted crypt hash.
Regards, Buchan
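
An added example, not part of either poster's message: a Python check for the two things the reply points at, namely whether the client's ldap.conf sets `pam_password exop` and which directory entries still hold a `{CRYPT}` userPassword. The function names, sample config, DNs and hash strings are all constructed for illustration.

```python
import base64
import re

def pam_password_values(ldap_conf_text):
    """Return every pam_password value set in ldap.conf text."""
    values = []
    for line in ldap_conf_text.splitlines():
        parts = line.split()  # a commented-out line starts with "#", so it never matches
        if len(parts) >= 2 and parts[0].lower() == "pam_password":
            values.append(parts[1].lower())
    return values

def password_schemes(ldif_text):
    """Map each entry's dn to the {SCHEME} prefix of its userPassword."""
    schemes, dn = {}, None
    for line in ldif_text.splitlines():
        name, sep, rest = line.partition(":")
        if not sep or line.startswith(" "):
            continue  # blank line or folded continuation line
        if name.lower() == "dn":
            dn = rest.strip()
        elif name.lower() == "userpassword":
            if rest.startswith(":"):  # "::" marks a base64-encoded value
                b64 = rest[1:].strip()
                b64 = b64[: len(b64) // 4 * 4]  # tolerate a folded first line
                rest = base64.b64decode(b64).decode("utf-8", "replace")
            match = re.match(r"\{([A-Za-z0-9_-]+)\}", rest.strip())
            schemes[dn] = match.group(1).upper() if match else "NO-PREFIX"
    return schemes

def audit(ldap_conf_text, ldif_text):
    """List findings: client not set to exop, entries stored as {CRYPT}."""
    findings = []
    values = pam_password_values(ldap_conf_text)
    if values != ["exop"]:
        findings.append("pam_password is %s, not exop" % (values or "unset"))
    for dn, scheme in password_schemes(ldif_text).items():
        if scheme == "CRYPT":
            findings.append("%s: userPassword stored as {CRYPT}" % dn)
    return findings

# Constructed sample input (not from the thread); hash strings are placeholders.
def _b64(text):
    return base64.b64encode(text.encode()).decode()
SAMPLE_LDAP_CONF = "base dc=example,dc=com\n#pam_password exop\npam_password crypt\n"
SAMPLE_LDIF = "\n".join(
    "dn: uid=%s,ou=People,dc=example,dc=com\nuserPassword:: %s\n" % (uid, _b64(pw))
    for uid, pw in [("alice", "{CRYPT}XXconstructedXX"), ("bob", "{SSHA}constructedPlaceholder")])
print("\n".join(audit(SAMPLE_LDAP_CONF, SAMPLE_LDIF)))
```

To use it on a real system, pass in the contents of /etc/ldap.conf and LDIF exported by an identity that is permitted to read userPassword.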