Hi Expert
We have 389 server installed with SSL enabled. When we try to change the password from CentOS 5 servers it's fine, but from CentOS 6 I get the below error:
    Changing password for user testuser
    Enter login(LDAP) password:
    New password:
    Retype new password:
    LDAP password information update failed: Constraint violation
    invalid password syntax - passwords with storage scheme are not allowed
    passwd: Authentication token manipulation error
We have this in /etc/ldap.conf:
    ssl start_tls
    tls_cacertfile /etc/openldap/cert/ourcert.crt
    pam_password clear
The same /etc/ldap.conf works fine on CentOS 5, but on CentOS 6 it looks like it's not working.
What shall I do?
Thanks for help
Hello
On Fri, Mar 1, 2013 at 3:48 AM, Fosiul Alam fosiul@gmail.com wrote:
> Hi Expert
> We have 389 server installed with SSL enabled. When we try to change the password from CentOS 5 servers it's fine, but from CentOS 6 I get the below error:
>     Changing password for user testuser
>     Enter login(LDAP) password:
>     New password:
>     Retype new password:
>     LDAP password information update failed: Constraint violation
>     invalid password syntax - passwords with storage scheme are not allowed
>     passwd: Authentication token manipulation error
> We have this in /etc/ldap.conf:
>     ssl start_tls
>     tls_cacertfile /etc/openldap/cert/ourcert.crt
>     pam_password clear
> The same /etc/ldap.conf works fine on CentOS 5, but on CentOS 6 it looks like it's not working.
Before RHEL6, we used the /etc/ldap.conf configuration file, since the 'nss_ldap' package provided /etc/ldap.conf for both nss_ldap and pam_ldap configuration.
In RHEL6.0 the 'nss_ldap' package was replaced by two packages:
- 'nss-pam-ldapd', which uses the /etc/nslcd.conf configuration file.
- 'pam_ldap', which uses the '/etc/pam_ldap.conf' configuration file.
In RHEL6, LDAP client-side configuration can be done either using nslcd (provided by nss-pam-ldapd) or using SSSD (recommended).
nss-pam-ldapd
The nss-pam-ldapd provides the nss-pam-ldapd daemon (nslcd) which uses a directory server to look up name service information on behalf of a lightweight nsswitch module. The authentication part is handled by pam_ldap from http://www.padl.com/OSS/nss_ldap.html. Currently nss-pam-ldapd's own pam_ldap is disabled.
You need to configure /etc/pam_ldap.conf & /etc/nslcd.conf to get the LDAP client working if you want to configure using nslcd.
nslcd uses configuration information from the /etc/nslcd.conf file and pam_ldap uses the /etc/pam_ldap.conf file (if authconfig is used, both files are updated automatically).
SSSD
The System Security Services Daemon (SSSD) is a service which provides access to different identity and authentication providers. You can configure SSSD to use a native LDAP domain (that is, an LDAP identity provider with LDAP authentication), or an LDAP identity provider with Kerberos authentication. It provides an NSS and PAM interface to the system, and a pluggable back-end system to connect to multiple different account sources.
SSSD uses the configuration information from the /etc/sssd.conf file for identity lookup and authentication.
> What shall I do?
> Thanks for help
> 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
HTH
Regards Arpit Tolani
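An added example, not part of the original thread: the reply says pam_ldap on RHEL6 reads /etc/pam_ldap.conf rather than /etc/ldap.conf, and the error text says the server rejected a password value carrying a storage scheme, so this check reports what pam_password each file actually sets. The function names are hypothetical and the sample file contents in demo() are constructed.

```shell
#!/bin/sh
# Added example: report how pam_ldap would send a changed password, per config file.

# Print the last uncommented pam_password value in a pam_ldap-style file
# (assumption: a later entry overrides an earlier one).
pam_password_value() {
    awk 'tolower($1) == "pam_password" { v = tolower($2) }
         END { if (v != "") print v }' "$1"
}

# Classify one file: missing, unset, password hashed by the server
# (clear, exop) or hashed on the client before it is sent (crypt, md5).
classify_pam_ldap_conf() {
    [ -r "$1" ] || { echo "missing"; return 0; }
    v=$(pam_password_value "$1")
    case "$v" in
        "")         echo "unset" ;;
        clear|exop) echo "server-hashed:$v" ;;
        crypt|md5)  echo "client-hashed:$v" ;;
        *)          echo "other:$v" ;;
    esac
}

# Constructed sample: the poster's /etc/ldap.conf lines next to a
# constructed pam_ldap.conf that hashes on the client.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'ssl start_tls' \
        'tls_cacertfile /etc/openldap/cert/ourcert.crt' \
        'pam_password clear' > "$d/ldap.conf"
    printf '%s\n' '# constructed sample' 'ssl start_tls' \
        'pam_password md5' > "$d/pam_ldap.conf"
    for f in "$d/ldap.conf" "$d/pam_ldap.conf" "$d/nslcd.conf"; do
        echo "${f##*/}: $(classify_pam_ldap_conf "$f")"
    done
    rm -rf "$d"
}

demo
```

On a real client, run classify_pam_ldap_conf against /etc/ldap.conf and /etc/pam_ldap.conf; a "client-hashed" or "unset" result for the file pam_ldap reads means the pam_password clear line in the old file is not the one in effect.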