Bug 164359 - pam_ldap doesn't follow referrals when updating password
pam_ldap doesn't follow referrals when updating password
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 2.1
Classification: Red Hat
Component: nss_ldap (Show other bugs)
2.1
All Linux
medium Severity medium
: ---
: ---
Assigned To: Nalin Dahyabhai
Jay Turner
https://rhn.redhat.com/network/errata...
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-07-27 04:17 EDT by Anchor Systems Managed Hosting
Modified: 2015-01-07 19:10 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-07-28 00:54:54 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Anchor Systems Managed Hosting 2005-07-27 04:17:17 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050725 Firefox/1.0.6 (Ubuntu package 1.0.6)

Description of problem:
The bugfix referred to in the URL also applies to RHEL ES 2.1; pam_ldap does not follow referrals when updating the password.

[root@starboard root]# passwd jamie
Changing password for user jamie
New UNIX password:
BAD PASSWORD: it is based on a dictionary word
Retype new UNIX password:
LDAP password information update failed: Unknown error
passwd: Permission denied

and in syslog:

Jul 27 18:16:02 starboard passwd[942]: pam_ldap: ldap_extended_operation_s Referral


Version-Release number of selected component (if applicable):
nss_ldap-189-12

How reproducible:
Always

Steps to Reproduce:
1.  Set up OpenLDAP replicating servers
2.  configure pam to use pam_ldap
3.  attempt to use passwd to change users password
  

Additional info:
Comment 1 Anchor Systems Managed Hosting 2005-07-27 22:06:17 EDT
The code path taken here is different to the one fixed by
pam_ldap-145-updatecred.patch, as you can see by the error message
'ldap_extended_operation_s' rather than 'ldap_modify_s', but I wonder if a
similar patch would fix the problem.

I am using "pam_password exop" in /etc/ldap.conf.
Comment 2 Anchor Systems Managed Hosting 2005-07-28 00:54:54 EDT
Sorry about the noise, I've since found that the error is due to the local
configuration.  There is no problem with referrals in pam_ldap as shipped in
RHEL ES 2.1.

Note You need to log in before you can comment on or make changes to this bug.