I've implemented an Open LDAP server in OpenSuSE 11.2 via the YaST GUI. I'm having success logging in from the local machine and other machines via LDAP. I am able to change LDAP user passwords via passwd on the command line. However, I cannot do anything else through the command line, such as passwd -e username.
I get the following error:
Authentication failure.
LDAP information update failed: Operations error
Error while changing password expiry information.
The same goes for any other arguments regarding password expiry or for locking accounts via -l.
Is this simply a limitation of the LDAP server, or do I have an incorrect configuration?
Best Answer
passwd just uses PAM. Configure PAM to send password changes to LDAP. Add the following to /etc/pam.d/common-password
This assumes that you've already configured LDAP to allow the necessary writes and the only thing lacking is the PAM setup.