Bugzilla (bugzilla.redhat.com) will be under maintenance for infrastructure upgrades and will not be available on July 31st between 12:30 AM - 05:30 AM UTC. We appreciate your understanding and patience. You can follow status.redhat.com for details.
Bug 164359 - pam_ldap doesn't follow referrals when updating password
Summary: pam_ldap doesn't follow referrals when updating password
Alias: None
Product: Red Hat Enterprise Linux 2.1
Classification: Red Hat
Component: nss_ldap
Version: 2.1
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact: Jay Turner
URL: https://rhn.redhat.com/network/errata...
Depends On:
TreeView+ depends on / blocked
Reported: 2005-07-27 08:17 UTC by Anchor Systems Managed Hosting
Modified: 2015-01-08 00:10 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2005-07-28 04:54:54 UTC
Target Upstream Version:

Attachments (Terms of Use)

Description Anchor Systems Managed Hosting 2005-07-27 08:17:17 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050725 Firefox/1.0.6 (Ubuntu package 1.0.6)

Description of problem:
The bugfix referred to in the URL also applies to RHEL ES 2.1; pam_ldap does not follow referrals when updating the password.

[root@starboard root]# passwd jamie
Changing password for user jamie
New UNIX password:
BAD PASSWORD: it is based on a dictionary word
Retype new UNIX password:
LDAP password information update failed: Unknown error
passwd: Permission denied

and in syslog:

Jul 27 18:16:02 starboard passwd[942]: pam_ldap: ldap_extended_operation_s Referral

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.  Set up OpenLDAP replicating servers
2.  configure pam to use pam_ldap
3.  attempt to use passwd to change users password

Additional info:

Comment 1 Anchor Systems Managed Hosting 2005-07-28 02:06:17 UTC
The code path taken here is different to the one fixed by
pam_ldap-145-updatecred.patch, as you can see by the error message
'ldap_extended_operation_s' rather than 'ldap_modify_s', but I wonder if a
similar patch would fix the problem.

I am using "pam_password exop" in /etc/ldap.conf.

Comment 2 Anchor Systems Managed Hosting 2005-07-28 04:54:54 UTC
Sorry about the noise, I've since found that the error is due to the local
configuration.  There is no problem with referrals in pam_ldap as shipped in
RHEL ES 2.1.

Note You need to log in before you can comment on or make changes to this bug.