
I have configured LDAP authentication for my Linux machines. The LDAP server is Novell eDirectory. The LDAP users are able to log in to the machine. But when I issue the passwd command it asks for the LDAP password, then asks me for a new password. After that I get a message saying that all the authentication tokens were successfully updated.

But when I try to log in to the machine with the new password it does not allow me, whereas with the old password it lets me log in. Even the eDirectory password didn't get changed.

What am I doing wrong?

Dungeon Hunter

1 Answer

If you're using standard Linux LDAP binding, rather than the Novell-specific bind methods available with Open Enterprise Server, the user you configure in rootbinddn needs to be able to change passwords for users. This is a specific right to grant in eDirectory. If the user specified is only allowed to query eDir, then password changes won't actually work.

If that's in place, then there are a couple of things that could be getting in the way:

No Universal password policy

In eDirectory, the user having their password changed must have a Universal Password Policy assigned to them. This defines password complexity rules and several other things.

Secondly, the user in rootbinddn must be listed in that password policy as allowed to change passwords. Administrator still needs to be added to these policies; it isn't there by default.

Password Complexity Failure

The password supplied does not meet the parameters set up in the Universal Password Policy. Perhaps it is not complex enough, or has been used too recently.

sysadmin1138
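As an added diagnostic, not part of the original answer: this script repeats the password change the way pam_ldap does it (binding as rootbinddn with the password from /etc/ldap.secret and replacing userPassword), then maps the LDAP result code to the causes the answer names. The file paths, the ldap.conf directive names (rootbinddn, uri, host, ssl) and the result-code mapping (50 for missing rights, 19 for a Universal Password policy rejection) are assumptions about a typical pam_ldap setup against eDirectory.

```shell
#!/bin/sh
# Added diagnostic (not from the original post). Assumed pam_ldap layout:
# directives in /etc/ldap.conf, rootbinddn password in /etc/ldap.secret.
LDAP_CONF=${LDAP_CONF:-/etc/ldap.conf}
LDAP_SECRET=${LDAP_SECRET:-/etc/ldap.secret}

# Map an LDAP result code (RFC 4511 numbering, which ldapmodify also
# returns as its exit status) to a diagnosis. Assumption: eDirectory
# reports a missing right as 50 and a Universal Password policy
# rejection (no policy, complexity, history) as 19.
diagnose() {
    case "$1" in
        0)  echo "ok: rootbinddn can set this user's password; look elsewhere (pam_password setting, cached credentials)" ;;
        49) echo "bind: the password in $LDAP_SECRET does not match the rootbinddn account" ;;
        50) echo "rights: rootbinddn may not write userPassword for this user (grant the eDirectory right and list it in the Universal Password policy)" ;;
        19) echo "policy: the new password was rejected (no Universal Password policy assigned, or a complexity/history rule failed)" ;;
        *)  echo "other: ldapmodify exit status $1" ;;
    esac
}

# First value of one ldap.conf directive (first match wins).
conf_value() {
    sed -n "s/^$1[[:space:]]\{1,\}//p" "$LDAP_CONF" | head -n 1 | cut -d' ' -f1
}

# Attempt the change for user DN $1 with new password $2 exactly as
# pam_ldap's "pam_password clear" would: a replace of userPassword done
# by rootbinddn over the configured URI (StartTLS if ssl start_tls is set).
try_change() {
    binddn=$(conf_value rootbinddn)
    uri=$(conf_value uri)
    uri=${uri:-ldap://$(conf_value host)}
    tls=; [ "$(conf_value ssl)" = start_tls ] && tls=-ZZ
    # The secret is passed with -w (visible in ps while it runs), because
    # -y would include the file's trailing newline in the password.
    printf 'dn: %s\nchangetype: modify\nreplace: userPassword\nuserPassword: %s\n' "$1" "$2" \
        | ldapmodify -x $tls -H "$uri" -D "$binddn" -w "$(cat "$LDAP_SECRET")" >/dev/null 2>&1
    diagnose $?
}

# Usage (run as root): sh ldappw-check.sh 'cn=jdoe,ou=users,o=acme' 'NewP@ss1'
if [ $# -ge 2 ]; then
    try_change "$1" "$2"
fi
```

If the direct change succeeds while passwd still fails, the directory side is fine and the remaining suspects are the PAM configuration on the client and cached credentials.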