LDAP again…

I know… it’s getting boring…

I just wanted to say that I’ve sucessfully fixed two problems:

  1. I had a problem where passwd immediatly failed one another server I just LDAPed:
    pilif@sen1 ~ % passwd
    LDAP Password incorrect
    passwd: User not known to the underlying authentication module
    pilif@sen1 ~ %

    The problem was a use_first_pass I had in the pam_ldap-line of /etc/pam.d/passwd. When changing the password, it checked the authentity with an empty password (first_pass was empty – I never ever entered one) which failed. If somebody could please tell me the log level to set in slapd.conf to actually get useful logging information describing the problem: step forward!

  2. You have to set rootbinddn in you (pam|nss)_ldap configuration file. This will enable root to change a users password without having to know it first.

    Oh.. both updatedn and updateref where not correctly set in the replicas slapd.conf. I’ve fixed this too.