[CentOS] LDAP and expired passwords

Fri Oct 31 22:32:48 UTC 2008
Steve Thompson <smt at vgersoft.com>

On Fri, 31 Oct 2008, Scott McClanahan wrote:

> On Fri, 2008-10-31 at 16:32 -0400, Steve Thompson wrote:
>> CentOS 5.2 with OpenLDAP 2.3.27, nss_ldap_253.13, using TLS, i686 and
>> x86_64.
>>
>>  	LDAP password information update failed: Referral
>>
>> If I comment out "ssl start_tls", the referral to the master is followed
>> and the password change operation succeeds. I've found references to
>> problems with earlier releases of pam_ldap when referrals were not
>> properly followed when using TLS, and these are supposed to be fixed;
>> apparently not in my case. Can anyone hit me with the clue stick?
>
> Does the common name in the certificate or the x509 v3 extensions match
> the hostname used in the referral in your slapd.conf?  Is the
> certificate issued by the ldap server you are being referred to signed
> by a trusted CA?

Yes to both.

Steve
----------------------------------------------------------------------------
Steve Thompson                 E-mail:      smt AT vgersoft DOT com
Voyager Software LLC           Web:         http://www DOT vgersoft DOT com
39 Smugglers Path              VSW Support: support AT vgersoft DOT com
Ithaca, NY 14850
   "186,300 miles per second: it's not just a good idea, it's the law"
----------------------------------------------------------------------------
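The first check asked about in the quoted reply, as an added example that is not part of the original thread: it pulls the hosts named by `referral` and `updateref` directives out of a slapd.conf and reports any that the server certificate's names do not cover. The sample config, hostnames and certificate are constructed, the certificate is assumed to be in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`, and the matching follows the RFC 6125 convention (CN consulted only when no DNS subjectAltName exists), which may differ from what the LDAP client library in the thread does.

```python
from urllib.parse import urlparse

# Constructed sample slapd.conf fragment (hostnames are placeholders).
SAMPLE_SLAPD_CONF = """\
# replica configuration
referral   ldap://ldap-master.example.com
updateref  ldaps://master.example.com:636/
"""

# Constructed certificate, in the dict shape of ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "ldap-master.example.com"),),),
    "subjectAltName": (("DNS", "ldap-master.example.com"), ("DNS", "*.dir.example.com")),
}

def referral_hosts(conf_text):
    """Return hostnames named by 'referral' and 'updateref' directives."""
    hosts = []
    for line in conf_text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0].lower() in ("referral", "updateref"):
            host = urlparse(parts[1]).hostname
            if host:
                hosts.append(host.lower())
    return hosts

def cert_names(cert):
    """DNS subjectAltNames; fall back to commonName only when there are none."""
    sans = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v.lower() for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Exact match, or a '*.' wildcard covering exactly one left-most label."""
    if pattern.startswith("*."):
        head, _, rest = host.partition(".")
        return bool(head) and rest == pattern[2:]
    return pattern == host

def mismatched_referrals(conf_text, cert):
    """Referral hosts that no name in the certificate covers."""
    names = cert_names(cert)
    return [h for h in referral_hosts(conf_text)
            if not any(name_matches(n, h) for n in names)]

if __name__ == "__main__":
    print(mismatched_referrals(SAMPLE_SLAPD_CONF, SAMPLE_CERT))
```

A non-empty result means the client will be referred to a hostname the certificate does not vouch for, so a verifying TLS client should refuse that connection.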