Red Hat Bugzilla – Bug 164359
pam_ldap doesn't follow referrals when updating password
Last modified: 2015-01-07 19:10:15 EST
Description of problem:
The bugfix referred to in the URL also applies to RHEL ES 2.1; pam_ldap does not follow referrals when updating the password.
[root@starboard root]# passwd jamie
Changing password for user jamie
New UNIX password:
BAD PASSWORD: it is based on a dictionary word
Retype new UNIX password:
LDAP password information update failed: Unknown error
passwd: Permission denied
and in syslog:
Jul 27 18:16:02 starboard passwd: pam_ldap: ldap_extended_operation_s Referral
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Set up OpenLDAP replicating servers
2. Configure pam to use pam_ldap
3. Attempt to use passwd to change a user's password
The code path taken here is different to the one fixed by
pam_ldap-145-updatecred.patch, as you can see by the error message
'ldap_extended_operation_s' rather than 'ldap_modify_s', but I wonder if a
similar patch would fix the problem.
I am using "pam_password exop" in /etc/ldap.conf.
Sorry about the noise, I've since found that the error is due to the local
configuration. There is no problem with referrals in pam_ldap as shipped in
RHEL ES 2.1.