Let Users Change Password When Authenticating Against OpenLDAP on Ubuntu 12.04

Last time we managed to let the user stored in our OpenLDAP directory logon to the client. That is cool, but what if the user happens to desire a password change? Let her change it! If only she could...
(Ez a bejegyzés magyarul is olvasható)

Because when she issues the command passwd and types in the correct password she gets a slap in the face like: Authentication information cannot be recovered. 

The remedy will be to open the file /etc/pam.d/common-password and form the line concerning LDAP remove the use_authtok parameter. If you're intrested in what you've just done, please follow the link in further reading. And if you have a lot of clinets, the next command could come handy.

sudo sed -i s/use_authtok// /etc/pam.d/common-password

Next time the quest goes on to reclaim the power over our LDAP-server - without the admin password.


Further reading:

http://manpages.ubuntu.com/manpages/precise/man8/pam_unix.8.html