LDAP-UX Client Services B.04.10 Administrator's Guide (edition 7)

7 User Tasks
This chapter describes the following tasks your users will need to do:
To Change Passwords (page 177)
To Change Personal Information (page 178)
To Change Passwords
With LDAP-UX Client Services, users change their passwords with the passwd(1) command.
Depending on how PAM is configured and on whether the user's information is in the directory
or in /etc/passwd, users may be prompted for their password twice as PAM looks in each
configured location for the user's information.
Since LDAP directory replicas may not be modifiable, the passwd(1) command may not work on
clients configured to use a directory replica. In this case you could use the ldappasswd(8) command.
You might wrap an ldappasswd command in a passwd wrapper, similar to the yppasswd(1)
command. The wrapper would ask the user for the old password, call ldapsearch to find the
current user's DN, then call ldappasswd(8) and specify the master LDAP directory server. See
Sample passwd Command Wrapper (page 178) for an example you can modify and use.
For example, say clients 1-50 use the master directory server on sys001 and clients 51-100 use
the replica directory server on sys002. The passwd(1) command on clients 1-50 can modify
passwords in the master directory on sys001. However, the passwd(1) command on clients 51-100
will fail because the replica server on sys002 cannot be modified. See the diagram below.
Figure 7-1 Cannot Change Passwords on Replica Servers
[Figure: LDAP-UX clients 1-50 use the master LDAP directory server, which passwd(1) can modify. LDAP-UX clients 51-100 use the replica LDAP directory server, which passwd(1) cannot modify. Updates flow between the master and the replica.]
One way to allow clients 51-100 to change their passwords is to create a new passwd(1) command
wrapper on these clients that calls ldappasswd(1), which modifies the master directory. When the
replica server is updated depends on how you have configured the replication. All other LDAP
requests continue to go to the replica server through PAM and NSS. See Changing Passwords
on Master Server with ldappasswd (page 178) below. See also Sample passwd Command Wrapper
(page 178) for a sample passwd wrapper command.
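
The wrapper flow described above (find the current user's DN with ldapsearch, then send the change to the master server with ldappasswd), as an added example that is not the guide's own sample from page 178. It assumes OpenLDAP-style option syntax for ldapsearch and ldappasswd, which the LDAP-UX tools may not share; the host name, base DN, uid filter, anonymous search and the name passwd-master are placeholders or assumptions.

```sh
#!/bin/sh
# Added example, not the guide's sample. Assumptions: OpenLDAP-style
# ldapsearch/ldappasswd options, anonymous search allowed, users matched
# by uid, and placeholder values for MASTER_URI and BASE_DN.
MASTER_URI="${MASTER_URI:-ldaps://sys001.example.com}"  # master, not replica
BASE_DN="${BASE_DN:-dc=example,dc=com}"

# Escape RFC 4515 filter metacharacters so a login name cannot alter the filter.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
        -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Print the DN for a login name. Fails closed when the search errors,
# finds no plain "dn:" line, or finds more than one.
find_user_dn() {
    filter="(uid=$(ldap_escape "$1"))"
    dns=$(ldapsearch -x -LLL -o ldif-wrap=no -H "$MASTER_URI" \
        -b "$BASE_DN" "$filter" 1.1 | sed -n 's/^dn: //p')
    [ "$(printf '%s\n' "$dns" | grep -c .)" = 1 ] || return 1
    printf '%s\n' "$dns"
}

# Change the invoking user's password on the master server.
change_password() {
    user=$(id -un) || return 1
    dn=$(find_user_dn "$user") || {
        echo "passwd: no unique directory entry for $user" >&2
        return 1
    }
    # -W prompts for the old (bind) password and -S for the new one, so
    # neither secret is placed in argv where ps(1) could expose it.
    ldappasswd -x -H "$MASTER_URI" -D "$dn" -W -S
}

# Run only when installed under the (hypothetical) name passwd-master, so
# the functions can also be sourced and exercised separately.
case "${0##*/}" in passwd-master) change_password ;; esac
```

Using an ldaps:// URI for the master keeps the old and new passwords off the wire in clear text; all other lookups still go to the replica through PAM and NSS.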