On 10/09/2010 09:10 AM, Volker Potworowski wrote:
> Hello everyone,
>
> On Saturday, 9 October 2010, Gordon Messmer wrote:
>> On 10/06/2010 01:28 PM, Volker Potworowski wrote:
>>> I have the directive
>>> pam_password exop
>>> in /etc/ldap.conf. Hope this is enough (but doesn't work anyway).
>>
>> sss doesn't use /etc/ldap.conf. Check /etc/sssd/sssd.conf.
>
> I do not see an option in sssd.conf to enable LDAP Password Changes in
> sssd.conf (I already set chpass_provider = ldap).
>
> Is there another option I should enable?
>

No, in sssd.conf all you need for enabling password changes is to have
chpass_provider=ldap and the ldap_uri set correctly.

As seen in other replies to this thread, the problem is due to the ACIs
on your OpenLDAP server. The client is configured properly already.

> Here is my complete /etc/sssd.conf:
>
> [sssd]
> config_file_version = 2
> reconnection_retries = 3
> sbus_timeout = 30
> services = nss, pam
> domains = default
> [nss]
> filter_groups = root
> filter_users = root
> reconnection_retries = 3
> [pam]
> reconnection_retries = 3
> [domain/default]
> auth_provider = ldap
> cache_credentials = True
> ldap_id_use_start_tls = True
> debug_level = 0
> enumerate = True
> ldap_schema = rfc2307
> ldap_search_base = dc=teraphim,dc=de
> chpass_provider = ldap
> id_provider = ldap
> min_id = 500
> ldap_uri = ldap://ldap.teraphim.de
> ldap_tls_cacertdir = /etc/openldap/cacerts
>
>

--
Stephen Gallagher
RHCE 804006346421761
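The client-side check described in the reply, as an added example that is not part of the original thread or of sssd: it reads an sssd.conf and reports, for each active domain, which provider handles password changes and whether `ldap_uri` is well formed. It goes slightly beyond the message by applying the fallback documented in sssd.conf(5); the function name `chpass_report` and the second configuration are constructed for illustration.

```python
import configparser
from urllib.parse import urlsplit

# Provider and URI lines from the sssd.conf quoted in the message.
POSTED_CONF = """\
[sssd]
domains = default
[domain/default]
auth_provider = ldap
chpass_provider = ldap
id_provider = ldap
ldap_uri = ldap://ldap.teraphim.de
"""
# Constructed: corp falls back to krb5; lab's ldap_uri has no scheme.
CONSTRUCTED_CONF = """\
[sssd]
domains = corp, lab
[domain/corp]
id_provider = ldap
auth_provider = krb5
[domain/lab]
id_provider = ldap
ldap_uri = ldap.example.com
"""

def chpass_report(conf_text):
    """Map each active domain to (effective chpass provider, problems)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    names = cp.get("sssd", "domains", fallback="").split(",")
    report = {}
    for name in filter(None, map(str.strip, names)):
        section = f"domain/{name}"
        dom = cp[section] if cp.has_section(section) else {}
        # sssd.conf(5): chpass_provider defaults to auth_provider,
        # which in turn defaults to id_provider.
        provider = (dom.get("chpass_provider") or dom.get("auth_provider")
                    or dom.get("id_provider"))
        problems = []
        if provider != "ldap":
            problems.append(f"chpass provider is {provider!r}, not ldap")
        uris = [u.strip() for u in dom.get("ldap_uri", "").split(",") if u.strip()]
        if provider == "ldap" and not uris:
            problems.append("ldap_uri is not set")
        for uri in uris:
            parts = urlsplit(uri)
            if parts.scheme not in ("ldap", "ldaps") or not parts.hostname:
                problems.append(f"ldap_uri {uri!r} is not ldap[s]://host[:port]")
        report[name] = (provider, problems)
    return report
```

An empty problem list only covers the client configuration; the server's access rules are outside what this script can see.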