CentOS 5.2 with OpenLDAP 2.3.27, nss_ldap_253.13, using TLS, i686 and
x86_64.
If a user with an expired password (shadowLastChange + shadowMax < current
day) logs in to a system where ldap.conf points first to a consumer-only
LDAP server, the password change operation (exop) proceeds and fails with:
LDAP password information update failed: Referral
If I comment out "ssl start_tls", the referral to the master is
followed
and the password change operation succeeds. I've found references to
problems with earlier releases of pam_ldap when referrals were not
properly followed when using TLS, and these are supposed to be fixed;
apparently not in my case. Can anyone hit me with the clue stick?
Steve
----------------------------------------------------------------------------
Steve Thompson E-mail: smt AT vgersoft DOT com
Voyager Software LLC Web: http://www DOT vgersoft DOT com
39 Smugglers Path VSW Support: support AT vgersoft DOT com
Ithaca, NY 14850
"186,300 miles per second: it's not just a good idea, it's the
law"
----------------------------------------------------------------------------