Re: Password aging requires rootdn write access to all passwords?

by Andreas Hasenack

Heiko Noordhof wrote:

> Hello,
>
> While trying to set up an LDAP-server for user authentication on Linux
> desktop-client PCs with pam_ldap I stumbled upon the following issue:
>
> Password-aging only seems to work when a "rootdn" is configured and has
> write access to the userPassword attribute of all users. If the "rootdn"
> doesn't have write-access and I try to log in using an account with an
> expired password I do get the warning and the opportunity to change the
> password. But when submitting the new password I get: "LDAP password
> information update failed: insufficient access".

Sounds like an ACL issue on the server. Maybe you are not letting the user
change his own password?
