Password Changing and PAM_LDAP (Linux)
Novell Cool Solutions: Trench
By Casper Peterson
Digg This -
Posted: 14 May 2003
See the update to this tip from g.m.vandendobbelsteen below.
Per the established default, a user does not have rights to change their own password (passwd command) when pam_ldap is used.
Make the following changes to /etc/ldap.conf:
And add the following NDS rights to the objects NDS rights to self:
Password Management [w] shadowLastChange [w]
Password Management can also be applied to a container. Remember to set "Inheritable" to enable in sub-container.
For more information about Authenticating Users to UNIX Systems see this AppNote: Authenticating Users to UNIX Systems with Novell eDirectory and LDAP
This is not entirely true. You can modify the pam.d/passwd file for password changes. We've successfully implemented this for several UNIX systems. You need to use pam_password nds for that, and pam_ldap will take care of everything. -- g.m.vandendobbelsteen
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com