Is Open LDAP meant to work with the passwd command for Linux

Tags: ldap, opensuse, password

I've implemented an Open LDAP server in OpenSuSE 11.2 via the YaST GUI. I'm having success logging in from the local machine and other machines via LDAP. I am able to change LDAP user passwords via passwd on the command line. However, I cannot do anything else through the command line, such as passwd -e username. I get the following error:

Authentication failure.
LDAP information update failed: Operations error
Error while changing password expiry information.

The same goes for any other arguments regarding password expiry or for locking accounts via -l.
Is this simply a limitation of the LDAP server, or do I have an incorrect configuration?

Best Answer

passwd just uses PAM. Configure PAM to send password changes to LDAP.

Add the following to /etc/pam.d/common-password:

password   sufficient pam_ldap.so try_first_pass
password   required   pam_unix.so nullok obscure min=4 max=8 md5 try_first_pass

This assumes that you've already configured LDAP to allow the necessary writes and the only thing lacking is the PAM setup.
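A quick way to confirm that the password stack really has the shape the answer describes (pam_ldap.so listed as sufficient, ahead of a pam_unix.so line carrying try_first_pass) is to parse the file rather than eyeball it. The script below is an added example, not part of the original answer; it reads a common-password file on stdin and assumes the SUSE-style "type control module args" layout, with two constructed sample files embedded so it runs offline.

```shell
#!/bin/sh
# Added example: sanity-check the 'password' stack of a PAM common-password file.

check_pam_password_stack() {
    # Reads a common-password file on stdin. Prints "ok" and returns 0 when the
    # stack matches the answer's shape; otherwise prints the problem and returns 1.
    sed -e 's/#.*//' | awk '
        $1 == "password" { n++; ctrl[n] = $2; mod[n] = $3; line[n] = $0 }
        END {
            ldap_i = 0; unix_i = 0
            for (i = 1; i <= n; i++) {
                if (mod[i] == "pam_ldap.so" && !ldap_i) ldap_i = i
                if (mod[i] == "pam_unix.so" && !unix_i) unix_i = i
            }
            if (!ldap_i) { print "no pam_ldap.so in password stack"; exit 1 }
            if (!unix_i) { print "no pam_unix.so in password stack"; exit 1 }
            if (ldap_i > unix_i) { print "pam_ldap.so must precede pam_unix.so"; exit 1 }
            if (ctrl[ldap_i] != "sufficient") {
                print "pam_ldap.so should be sufficient, is " ctrl[ldap_i]; exit 1
            }
            if (line[unix_i] !~ /try_first_pass/) {
                print "pam_unix.so lacks try_first_pass"; exit 1
            }
            print "ok"
        }'
}

# Constructed sample: the stack from the answer.
GOOD_CONF='# sample common-password
password   sufficient pam_ldap.so try_first_pass
password   required   pam_unix.so nullok obscure min=4 max=8 md5 try_first_pass'

# Constructed sample: pam_unix.so listed first as required, so a local failure
# fails the whole stack before the LDAP module gets a chance to succeed.
BAD_CONF='# sample common-password
password   required   pam_unix.so nullok obscure min=4 max=8 md5
password   sufficient pam_ldap.so try_first_pass'

printf '%s\n' "$GOOD_CONF" | check_pam_password_stack
printf '%s\n' "$BAD_CONF"  | check_pam_password_stack || :
# On a live system: check_pam_password_stack < /etc/pam.d/common-password
```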
