I am having an issue with my 'chain' bind password getting changed instead of the
user's password.

In a Red Hat Linux environment, running OpenLDAP 2.3.43 (-3.el5 RPM from RH), I am using a
master-slave setup, with chaining (as opposed to referral) as a method to allow users to
change passwords (most LDAP clients hit the slave). Because I have some other issues when
I set (nss_ldap) 'pam_password md5' in ldap.conf, I tried setting it to
'pam_password exop' instead. But, with this setting, when a user attempts a
password change from one of the Linux clients, the LDAP chain BIND password is changed on
the master, instead of the user's password.

In my slave slapd.conf, I have:
####################################################################
# Chain to Master for updates
overlay chain
chain-uri "ldap://10.10.1.191"
chain-idassert-bind bindmethod="simple"
        binddn="cn=ldapChain,o=myorg,dc=myco,dc=net"
        credentials="ldapChain"
        mode="none"
# mode="self"
chain-max-depth 2
chain-return-error TRUE
chain-rebind-as-user TRUE
#######################################################################
# To sync with the LDAP Master database using syncrepl
syncrepl rid=222
        type=refreshAndPersist
        provider=ldap://10.10.1.191
        retry="30 10 300 3"
        searchbase="dc=myco,dc=net"
        filter="(objectClass=*)"
        scope=sub
        schemachecking=off
        bindmethod=simple
        binddn="cn=syncRepl,o=myorg,dc=myco,dc=net"
        credentials="syncRepl"
updateref ldap://10.10.1.191
####################################################################
So, for example, when some user, say 'userbob', issues a 'passwd' and
attempts to change his password from a Linux LDAP client (configured to hit the slave LDAP
server), the password for "cn=ldapChain,o=myorg,dc=myco,dc=net" instead gets
changed. The user's password does not get changed.

Does anyone know what I could possibly have misconfigured that would cause this?

Thanks in advance,
Joe