At Wed, 20 Sep 2017 09:09:23 +0200 Clément OUDOT <[email protected]> wrote:
> On 19/09/2017 at 18:45, Robert Heller wrote:
> > I am having a hard time setting a user password using ldap (OpenLDAP
> > 2.4.40-13.el7) on a CentOS 7 system.
> >
> > I have installed OpenLDAP 2.4.40-13.el7 (stock CentOS 7 server and client),
> > nss-pam-ldapd (0.8.13-8.el7) and used authconfig to enable ldap. I have
> > created a user in the ldap database, and getent works just fine -- the uid and
> > gid are seen, etc. But I cannot set the user's password in a way that works
> > for su (and presumably login/slogin, etc.). I am using ldappasswd to set the
> > user's password.
> >
> > I am thinking that PAM and ldappasswd are using *different* one-way encryption
> > methods and I am guessing I need to update a configuration somewhere (either
> > for pam, sssd, or nslcd), but I am not finding it.
>
> PAM is an LDAP client so does not read the password, it just sends BIND
> requests and OpenLDAP server then checks the password by using the
> hashing method corresponding to the current password value.
>
> Can you check in your server ACLs (olcAccess parameter) that anonymous
> users have the 'auth' right on userPassword attribute?

OK, I will check...

> --
> Clément OUDOT
> Free software consultant, infrastructure and security expert
> Savoir-faire Linux
> 137 boulevard de Magenta - 75010 PARIS
> Blog: http://sflx.ca/coudot

--
Robert Heller             -- 978-544-6933
Deepwoods Software        -- Custom Software Services
http://www.deepsoft.com/  -- Linux Administration Services
[email protected]       -- Webhosting Services
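
The ACL check suggested in the reply above, as an added example that is not part of the original thread: it reads olcAccess values (for instance saved from `ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config olcAccess`) and reports whether an anonymous client gets at least 'auth' on userPassword. The sample LDIF, the example.com DNs and all function names are constructed; the parser assumes plain (not base64) values, named access levels, no DN or filter scoping in the `to` clause, and no break/continue control keywords.

```python
import re

# Access levels in increasing order of privilege, as listed in slapd.access(5).
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

# Constructed sample: anonymous clients fall through to "by * none",
# so slapd cannot verify the password during a simple bind.
SAMPLE_LDIF = """\
dn: olcDatabase={2}hdb,cn=config
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by dn.base
 ="cn=Manager,dc=example,dc=com" write by * none
olcAccess: {1}to * by self write by * read
"""
# Constructed corrected form: "by anonymous auth" lets the bind be checked.
FIXED_LDIF = SAMPLE_LDIF.replace("write by * none", "write by anonymous auth by * none")

def acl_rules(ldif):
    """Return olcAccess values in evaluation order, with LDIF line folding undone."""
    unfolded = re.sub(r"\n ", "", ldif)  # a leading space continues the previous line
    rules = re.findall(r"^olcAccess: \{(\d+)\}(.*)$", unfolded, re.M)
    return [text for _, text in sorted(rules, key=lambda r: int(r[0]))]

def covers_userpassword(rule):
    """True if the rule's 'to' clause is '*' or lists userPassword in attrs=."""
    what = rule.split(" by ", 1)[0]
    if re.match(r"to\s+\*\s*$", what):
        return True
    m = re.search(r"attrs?=(\S+)", what)
    return bool(m) and "userpassword" in m.group(1).lower().split(",")

def anonymous_level(rule):
    """Level granted by the first 'by' clause that matches an anonymous client."""
    for who, level in re.findall(r"\bby\s+(\S+)\s+(\S+)", rule):
        if who in ("*", "anonymous"):
            return level
    return "none"  # every rule ends with an implicit "by * none"

def anonymous_can_auth(ldif):
    """First rule covering userPassword decides; later rules are never reached."""
    rules = acl_rules(ldif)
    if not rules:
        return True  # with no ACLs at all, slapd defaults to "to * by * read"
    for rule in rules:
        if covers_userpassword(rule):
            return LEVELS.index(anonymous_level(rule)) >= LEVELS.index("auth")
    return False  # the ACL list ends with an implicit "to * by * none"

if __name__ == "__main__":
    print("sample:", anonymous_can_auth(SAMPLE_LDIF))
    print("fixed: ", anonymous_can_auth(FIXED_LDIF))
```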
