From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050725 Firefox/1.0.6 (Ubuntu package 1.0.6)

Description of problem:
The bugfix referred to in the URL also applies to RHEL ES 2.1; pam_ldap does not follow referrals when updating the password.

[root@starboard root]# passwd jamie
Changing password for user jamie
New UNIX password:
BAD PASSWORD: it is based on a dictionary word
Retype new UNIX password:
LDAP password information update failed: Unknown error
passwd: Permission denied

and in syslog:

Jul 27 18:16:02 starboard passwd[942]: pam_ldap: ldap_extended_operation_s Referral

Version-Release number of selected component (if applicable):
nss_ldap-189-12

How reproducible:
Always

Steps to Reproduce:
1. Set up OpenLDAP replicating servers
2. Configure pam to use pam_ldap
3. Attempt to use passwd to change user's password

Additional info:
The code path taken here is different to the one fixed by pam_ldap-145-updatecred.patch, as you can see by the error message 'ldap_extended_operation_s' rather than 'ldap_modify_s', but I wonder if a similar patch would fix the problem. I am using "pam_password exop" in /etc/ldap.conf.
Sorry about the noise, I've since found that the error is due to the local configuration. There is no problem with referrals in pam_ldap as shipped in RHEL ES 2.1.