nielchiano Veteran
Joined: 11 Nov 2003 Posts: 1287 Location: 50N 3E
|
Posted: Tue Feb 03, 2004 8:24 pm Post subject: LDAP problem |
|
|
Hi,
I'm trying to get LDAP to work as a "replacement" for /etc/passwd etc.
I think I did it. However, if I am root and try to reset someone's password with , I need to know the current password: Code: | Enter login(LDAP) password: |
Can anyone solve this? This is my pam-file in use:
Code: | password required /lib/security/pam_cracklib.so retry=3
password sufficient /lib/security/pam_ldap.so
password sufficient /lib/security/pam_unix.so nullok md5 shadow use_first_pass
password required /lib/security/pam_deny.so
|
I also tried adding 'use_first_pass' and 'try_first_pass' and 'use_authtok' to the module, but no use... |
|
|
|
polin8 n00b
Joined: 03 Oct 2002 Posts: 74 Location: Baltimore, MD USA
|
Posted: Tue Feb 03, 2004 9:30 pm Post subject: |
|
|
could you use the rootdn user and pass? |
|
|
|
nielchiano Veteran
Joined: 11 Nov 2003 Posts: 1287 Location: 50N 3E
|
Posted: Tue Feb 03, 2004 10:05 pm Post subject: |
|
|
polin8 wrote: | could you use the rootdn user and pass? |
if I try that I get: Code: | LDAP Password incorrect: try again |
if I give the old password from the user, it works...
However, as root I want to RESET a password, not change it |
|
|
|
nielchiano Veteran
Joined: 11 Nov 2003 Posts: 1287 Location: 50N 3E
|
Posted: Wed Feb 04, 2004 11:02 am Post subject: |
|
|
ok, for those interested: /etc/ldap.conf:
Code: |
# The distinguished name to bind to the server with
# if the effective user ID is root. Password is
# stored in /etc/ldap.secret (mode 600)
#rootbinddn cn=manager,dc=padl,dc=com
|
|
|
|
|
flowctrl n00b
Joined: 18 May 2003 Posts: 53 Location: Banff, Canada
|
Posted: Thu Feb 05, 2004 7:03 pm Post subject: |
|
|
nielchiano wrote: | ok, for those interested: /etc/ldap.conf:
Code: |
# The distinguished name to bind to the server with
# if the effective user ID is root. Password is
# stored in /etc/ldap.secret (mode 600)
#rootbinddn cn=manager,dc=padl,dc=com
|
|
Does this mean that uncommenting the rootbinddn line fixed it?
Another way would be to use:
Code: |
ldappasswd -S -D "uid=${USER},ou=people,dc=yourdomain,dc=ca" -x -W
|
. |
|
|
|
nielchiano Veteran
Joined: 11 Nov 2003 Posts: 1287 Location: 50N 3E
|
Posted: Thu Feb 05, 2004 9:33 pm Post subject: |
|
|
flowctrl wrote: | nielchiano wrote: | ok, for those interested: /etc/ldap.conf:
Code: |
# The distinguished name to bind to the server with
# if the effective user ID is root. Password is
# stored in /etc/ldap.secret (mode 600)
#rootbinddn cn=manager,dc=padl,dc=com
|
|
Does this mean that uncommenting the rootbinddn line fixed it? |
yes it does (and putting the passwd in /etc/ldap.secret)
flowctrl wrote: |
Another way would be to use:
Code: |
ldappasswd -S -D "uid=${USER},ou=people,dc=yourdomain,dc=ca" -x -W
|
|
thx! |
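A check for the fix reported in the thread (an active rootbinddn line plus the password in /etc/ldap.secret, mode 600), as an added example that is not part of any post. The function name, return codes and the optional owner argument are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: audit the pam_ldap root-bind setup discussed in the thread.
# check_rootbind CONF SECRET [OWNER]
#   CONF    path to ldap.conf   (thread: /etc/ldap.conf)
#   SECRET  path to the secret  (thread: /etc/ldap.secret)
#   OWNER   expected owner of SECRET (assumption: root on a real system)
# Returns 0 if sane, 1 if rootbinddn is not active, 2 if the secret is
# missing or empty, 3 if the secret's mode or owner is wrong.
check_rootbind() {
    conf=$1 secret=$2 owner=${3:-root}

    # rootbinddn must be present, uncommented, and carry a DN.
    if ! grep -Eq '^[[:space:]]*rootbinddn[[:space:]]+[^[:space:]]' \
            "$conf" 2>/dev/null; then
        echo "FAIL: no active rootbinddn line in $conf" >&2
        return 1
    fi

    # The bind password is read from the secret file; it must have content.
    if [ ! -s "$secret" ]; then
        echo "FAIL: $secret is missing or empty" >&2
        return 2
    fi

    # The file holds a cleartext directory password: require a regular
    # file with exactly mode 600 and the expected owner.
    if [ -z "$(find "$secret" -prune -type f -perm 600 \
            -user "$owner" -print)" ]; then
        echo "FAIL: $secret must be mode 600 and owned by $owner" >&2
        return 3
    fi

    echo "OK: rootbinddn set and $secret is mode 600, owner $owner"
    return 0
}

# Run only when paths are given, e.g.:
#   sh check_rootbind.sh /etc/ldap.conf /etc/ldap.secret
if [ "$#" -ge 2 ]; then
    check_rootbind "$@"
fi
```

Run it as root after uncommenting rootbinddn; a return code of 3 means the cleartext bind password is readable by, or owned by, someone other than the expected account.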