Re: password change does not work: LDAP, sssd, nss or pam error?

On 10/09/2010 09:10 AM, Volker Potworowski wrote:
> Hello everyone,
> 
> on Saturday, 9 October 2010 Gordon Messmer wrote:
>> On 10/06/2010 01:28 PM, Volker Potworowski wrote:
>>> I have the directive
>>> pam_password exop
>>> in /etc/ldap.conf. Hope this is enough (but doesn't work anyway).
>>
>> sss doesn't use /etc/ldap.conf.  Check /etc/sssd/sssd.conf.
> 
> I do not see an option in sssd.conf to enable LDAP Password Changes in 
> sssd.conf (I already set chpass_provider = ldap).
> 
> Is there another option I should enable?
> 

No, in sssd.conf all you need for enabling password changes is to have
chpass_provider=ldap and the ldap_uri set correctly.

As seen in other replies to this thread, the problem is due to the ACIs
on your OpenLDAP server. The client is configured properly already.



> Here is my complete /etc/sssd.conf:
> 
> [sssd]
> config_file_version = 2
> reconnection_retries = 3
> sbus_timeout = 30
> services = nss, pam
> domains = default
> [nss]
> filter_groups = root
> filter_users = root
> reconnection_retries = 3
> [pam]
> reconnection_retries = 3
> [domain/default]
> auth_provider = ldap
> cache_credentials = True
> ldap_id_use_start_tls = True
> debug_level = 0
> enumerate = True
> ldap_schema = rfc2307
> ldap_search_base = dc=teraphim,dc=de
> chpass_provider = ldap
> id_provider = ldap
> min_id = 500
> ldap_uri = ldap://ldap.teraphim.de
> ldap_tls_cacertdir = /etc/openldap/cacerts
> 
> 


-- 
Stephen Gallagher
RHCE 804006346421761

Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
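
A client-side check for the two settings named in the reply above, as an added example that is not part of the original message: it parses an sssd.conf, resolves chpass_provider through the fallbacks documented in sssd.conf(5), and validates ldap_uri. The function names are hypothetical and the sample text is a constructed subset of the quoted configuration.

```python
import configparser
from urllib.parse import urlparse

# Constructed sample: a subset of the sssd.conf quoted in the message above.
SAMPLE = """\
[sssd]
services = nss, pam
domains = default
[domain/default]
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_uri = ldap://ldap.teraphim.de
"""

def split_list(value):
    """Split a comma-separated sssd.conf value into trimmed items."""
    return [v.strip() for v in value.split(",") if v.strip()]

def check_chpass(conf_text):
    """Return {domain: [findings]}; an empty list means the client side looks right."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.read_string(conf_text)
    report = {}
    for name in split_list(cp.get("sssd", "domains", fallback="")):
        section = "domain/" + name
        if not cp.has_section(section):
            report[name] = ["no [%s] section" % section]
            continue
        dom, findings = cp[section], []
        # sssd.conf(5) defaults: chpass_provider falls back to auth_provider,
        # which in turn falls back to id_provider.
        provider = (dom.get("chpass_provider") or dom.get("auth_provider")
                    or dom.get("id_provider") or "").lower()
        if provider != "ldap":
            findings.append("chpass_provider resolves to %r, not 'ldap'" % provider)
        uris = split_list(dom.get("ldap_uri", ""))
        if not uris:
            findings.append("ldap_uri is not set")
        for uri in uris:
            parsed = urlparse(uri)
            if parsed.scheme not in ("ldap", "ldaps") or not parsed.hostname:
                findings.append("ldap_uri entry %r is not ldap[s]://host[:port]" % uri)
        report[name] = findings
    return report

if __name__ == "__main__":
    for domain, findings in check_chpass(SAMPLE).items():
        print(domain, "OK" if not findings else findings)
```

An empty findings list for a domain means the client settings match what the reply requires, which leaves the server-side access controls as the place to look.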