Proxy users are for wusses. Binds should be done by the real user, or You're Doing It Wrong. :-)

LDAP is complaining that the password provided by poppasswd doesn't match the one in the LDAP directory for the user. pam_ldap binds as a user in order to retrieve certain privileged fields, such as userPassword (at least, it should if you have properly set up your access control lists in /etc/openldap/slapd.conf. And you HAVE set them up, right?).

I suggest you test the supplied password using ldapsearch, doing something like this:

ldapsearch -x -D "uid=user,ou=People,o=silex technologies;c=us" -W -b "uid=user,ou=People,o=silex technologies;c=us" -s base userPassword

If the user's supplied password is correct, you should get LDAP's userPassword entry for that person. This should be the same query that poppasswd is performing.

Seeing that the bottom of the poppasswd page says "poppasswd is run as root in order to change passwords," I'm not sure it will really play nicely with LDAP. Very few Googles seem to mention them together:

http://www.google.com/search?q=poppasswd+ldap+bind&hl=en&lr=&ie=UTF-8&start=0&sa=N

Mark

Tanner Lovelace wrote:

Ah, that makes sense. Running the passwd command as root when using
local files will work fine, but ldap has its own access control
system. You could check into setting up a proxy user, but that's
getting way beyond my knowledge of ldap. Anyone else have any suggestions?

--
 Mark Turner          Siteseers Inc.
 www.markturner.net   Open Source Solutions
                      www.siteseers.net
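
Added example, not part of the original message or of anyone's actual configuration: a slapd.conf access-control fragment of the kind the message refers to, where a user binding as themselves can read and change their own userPassword and nobody else can see it. The catch-all rule at the end is an assumption about the rest of the directory policy.

```conf
# /etc/openldap/slapd.conf (fragment, constructed for illustration)
#
# Weak setting, shown only for contrast: one catch-all rule lets any
# client, including an anonymous one, read password hashes.
#
#   access to * by * read
#
# Corrected setting. slapd stops at the first "access to" clause that
# matches the target, so the userPassword rule must come before the
# catch-all.
# (Older slapd releases spell the keyword "attr=" instead of "attrs=".)

access to attrs=userPassword
    by self write        # the bound user may read and change their own password
    by anonymous auth    # unauthenticated clients may only use it to bind
    by * none            # everyone else, other users included, sees nothing

# Assumed policy for everything else: authenticated users may read,
# each user may edit their own entry, anonymous clients get nothing.
access to *
    by self write
    by users read
    by * none
```

With rules like these, the ldapsearch test above returns userPassword only when the bind DN and the entry being read are the same user, and a process running as root on the client gets no extra rights from slapd.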


_______________________________________________
TriLUG mailing list
   http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ:
   http://www.trilug.org/~lovelace/faq/TriLUG-faq.html
