[Samba] LDAP+BDC user password change trouble
Andrew Bartlett
abartlet at samba.org
Mon Nov 7 22:26:53 GMT 2005
On Mon, 2005-11-07 at 21:14 +0100, robert.walland at r-kb.si wrote:
> Hi,
> We are using a PDC (Primary LDAP) and BDC (Replica LDAP). Changing
> password on PDC works fine, but no way when users are logged on BDC. The
> truth is that PDC and BDC are configured with passdb backend =
> ldapsam:ldap://127.0.0.1/. The users get the message like "You are not
> allowed to change password" or "You can not change password at this
> time" when they want to change their password.
> Is it only possible to change password when the BDC is showing to Primary
> LDAP? As I know LDAP supports that you can change something on Replica
> which is then synchronized with the primary LDAP.
This is supported on some commerical ldap servers, and Fedora (I think).
I've only used OpenLDAP so far, which is strictly master/slave(s).
> I'm using only idealx
> scripts and they are not included in the BDC smb.conf, because BDC should
> do only logging for now.
> Some lines from my smb.conf
The way this works is that the slave ldap server should send a referral
saying 'do your modify over here'. If the LDAP server sends this
(configured in the slapd.conf for openldap), then Samba makes the
modification on the master. It is not configured in Samba itself.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20051108/8d5744e2/attachment.bin
More information about the samba
mailing list