Hello,
First of all, thanks a lot for your answer. in the end I skip trying to make the directory works and I went for the usual slapd.conf file with success. Now I'm stuck because the clients are unable to change it's password. This is a RHEL 6 server with compat-openldap-2.4.19_2.3.43-15.el6.x86_64 openldap-devel-2.4.19-15.el6.x86_64 openldap-2.4.19-15.el6.x86_64 openldap-servers-2.4.19-15.el6.x86_64 openldap-clients-2.4.19-15.el6.x86_64
the slapd.conf interesting part: access to attrs=userPassword,shadowLastChange by self write by anonymous auth by dn="cn=admin,dc=linux,dc=imppc,dc=org" write by * none
access to * by dn="cn=admin,dc=linux,dc=imppc,dc=org" write by * read
access to * by dn="cn=admin,dc=linux,dc=imppc,dc=org" write by * read
This is the client rpms (fedora 14) openldap-2.4.22-7.fc14.x86_64 openldap-devel-2.4.22-7.fc14.x86_64 openldap-2.4.22-7.fc14.i686 openldap-clients-2.4.22-7.fc14.x86_64
And the problem is this: -bash-4.1$ passwd Changing password for user user1. Enter login(LDAP) password: New password: Retype new password: LDAP password information update failed: Insufficient access passwd: Authentication token manipulation error
I have to mention that I had to made some changes in order to simply be able to query for a user. Ldapsearch worked but in order to do something like : id user1 or su - user1 I had to change /etc/sysconfig/authconfig with FORCELEGACY=yes #FORCELEGACY=no In this way I have been able to modify /etc/nsswitch with ldap values when running authconfig-tui. The point is that in fedora seems that auth is managed by sss and without this entry I'm not able to id or su, but if I don't put the ldap keyword, I'm not even asked for the Enter login(LDAP) password: but I'm asked for the password in the machine which ends up in a "system error -4" because the system doesn't recognize the user.
Prior to change the version I would like to make this one work...
I don't know if I made myself clear enough, hope you can help me and I really thank you in advance for any help you can provide. Sincerely, j On 03/31/2011 09:09 PM, Quanah Gibson-Mount wrote:
--On Thursday, March 31, 2011 11:04 AM +0200 Judith Flo Gaya jflo@imppc.org wrote:
ldif_back_add: err: 68 text: send_ldap_result: conn=-1 op=0 p=0 slaptest: bad configuration directory!
error code 68 means entry already exists. It may simply be that slaptest isn't working correctly with the config db. You could of course try -d -1 to get better logging results rather than -d 1.
I would also note that you are using a rather old version of OpenLDAP with numerous known bugs. I would strongly advise you to build a more recent version.
--Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc.
Zimbra :: the leader in open source messaging and collaboration