
Fusion Network

Enable LDAP Password Change on Linux Using the passwd Command

I recently was changing passwords for my accounts and found that the passwd utility would not allow me to change my LDAP password as I had hoped. Never fear, this can be changed with a few simple tweaks to your PAM system on your box. The following has been tested on CentOS 5.x with the following package:

nss_ldap version 253-25.el5 (64 bit)

Make sure that these lines are in your /etc/ldap.conf:

pam_password exop
pam_lookup_policy yes

Now make a backup of /etc/pam.d/passwd and open the /etc/pam.d/passwd file for editing.

Add the following lines above anything else already in the file:

password required pam_cracklib.so retry=3
password sufficient pam_ldap.so use_authtok
password sufficient pam_unix.so nullok use_authtok md5 shadow
password required pam_deny.so

You should now be able to run "passwd" as your normal user and it will change your password on the LDAP system, assuming you allow your users to do so. If you have problems, make sure the user is allowed to update their password in the LDAP system.
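
The steps above as a repeatable script. This is an added example, not code from the original post: the function names and the .bak backup suffix are assumptions, and the file paths are passed as arguments so the edits can be tried on copies first.

```shell
#!/bin/sh
# Added example, not the post's own code. Function names and the .bak
# suffix are assumptions; file paths are arguments so it can be dry-run.

# The four lines the post puts at the top of /etc/pam.d/passwd.
PAM_LINES='password required pam_cracklib.so retry=3
password sufficient pam_ldap.so use_authtok
password sufficient pam_unix.so nullok use_authtok md5 shadow
password required pam_deny.so'

# ensure_directive FILE KEY VALUE: append "KEY VALUE" if KEY is not set.
# An active line with a different value is reported, never overridden.
ensure_directive() {
    current=$(awk -v k="$2" '$1 == k { print $2 }' "$1" | sort -u)
    case "$current" in
        "$3") return 0 ;;
        "")   printf '%s %s\n' "$2" "$3" >> "$1" ;;
        *)    echo "$1: $2 already set to: $current" >&2; return 1 ;;
    esac
}

# prepend_pam_stack FILE: keep one backup as FILE.bak, then place
# PAM_LINES above the existing content. No-op if already on top.
prepend_pam_stack() {
    count=$(printf '%s\n' "$PAM_LINES" | grep -c '')
    [ "$(head -n "$count" "$1")" = "$PAM_LINES" ] && return 0
    [ -e "$1.bak" ] || cp -p "$1" "$1.bak"
    tmp=$(mktemp "$1.XXXXXX") || return 1
    { printf '%s\n' "$PAM_LINES"; cat "$1"; } > "$tmp" || return 1
    # Write back in place so FILE keeps its owner and mode.
    cat "$tmp" > "$1" && rm -f "$tmp"
}

# apply_all LDAP_CONF PAM_FILE: both edits from the post, in order.
apply_all() {
    ensure_directive "$1" pam_password exop &&
    ensure_directive "$1" pam_lookup_policy yes &&
    prepend_pam_stack "$2"
}

# Real run (as root): apply_all /etc/ldap.conf /etc/pam.d/passwd
```

Running it a second time changes nothing, and a pam_password line that is already active with a different value stops the script instead of leaving two conflicting settings in the file.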