On Fri, Mar 1, 2013 at 3:48 AM, Fosiul Alam <fosiul(a)gmail.com> wrote:
We have 389 server installed with ssl enabled.
When we try to change password from centos 5 servers its fine . but
from centos 6, i get bellow error :
Changing password for user testuser
Enter login(LDAP) password:
Retype new password:
LDAP password information update failed: Constraint violation
invalid password syntax - passwords with storage scheme are not allowed
passwd: Authentication token manipulation error
we have this in /etc/ldap.conf
same /etc/ldap.conf works fine in centos5 but for centos6 its looks
like not working
Before RHEL6, we used the /etc/ldap.conf configuration file, since the
'nss_ldap' package provided /etc/ldap.conf for both nss_ldap and
- In RHEL6.0 the 'nss_ldap' package was replaced by two packages:
- 'nss-pam-ldapd', which uses the /etc/nslcd.conf configuration file.
- 'pam_ldap', which uses the '/etc/pam_ldap.conf' configuration file.
In RHEL6 Ldap client side configuration can be done either using nslcd
(provided by nss-pam-ldapd) or using SSSD(recommended).
The nss-pam-ldapd provides the nss-pam-ldapd daemon (nslcd) which uses
a directory server to look up name service information on behalf of a
lightweight nsswitch module. The authentication part is handled by
pam_ldap from http://www.padl.com/OSS/nss_ldap.html
nss-pam-ldapd's own pam_ldap is disabled.
You need to configure /etc/pam_ldap.conf & /etc/nslcd.conf to get ldap
client working if you want to configure using NSLCD.
nslcd uses configuration information from /etc/nslcd.conf file and
pam_ldap uses /etc/pam_ldap.conf file(If authconfig is used, both the
files are updated automatically).
The System Security Services Daemon (SSSD) is a service which provides
access to different identity and authentication providers. You can
configure SSSD to use a native LDAP domain (that is, an LDAP identity
provider with LDAP authentication), or an LDAP identity provider with
Kerberos authentication. It provides an NSS and PAM interface to the
system, and a pluggable back-end system to connect to multiple
different account sources.
SSSD uses the configuration information from /etc/sssd.conf file for
identity lookup and authentication.
what shall i do ??
Thanks for help
389 users mailing list