passwd fails to change ldap password with currently stable pam_ldap-171 and ``pam_password exop'' method in /etc/ldap.conf. baz@iron baz $ passwd Enter login(LDAP) password: New UNIX password: Retype new UNIX password: LDAP password information update failed: Unknown error use bind to verify old password passwd: Permission denied baz@iron baz $ pam_ldap-156 and pam_ldap-176 works fine Reproducible: Always Steps to Reproduce: Portage 2.0.51-r3 (default-linux/x86/2004.3, gcc-3.3.4, glibc-2.3.4.20040808-r1, 2.4.28-gentoo-r5 i686) ================================================================= System uname: 2.4.28-gentoo-r5 i686 Intel(R) Xeon(TM) CPU 2.80GHz Gentoo Base System version 1.4.16 distcc 2.16 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled] Autoconf: sys-devel/autoconf-2.59-r5 Automake: sys-devel/automake-1.8.5-r1 Binutils: sys-devel/binutils-2.15.90.0.1.1-r3 Headers: sys-kernel/linux-headers-2.4.21-r1 Libtools: sys-devel/libtool-1.5.2-r7 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CFLAGS="-march=pentium4 -O3 -pipe -fstack-protector" CHOST="i686-pc-linux-gnu" COMPILER="" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/bind /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-march=pentium4 -O3 -pipe -fstack-protector" DISTDIR="/usr/portage/distfiles" FEATURES="autoaddcvs autoconfig buildpkg distlocks sfperms userpriv usersandbox" GENTOO_MIRRORS="ftp://rsync.private.mosuzedu.ru/gentoo ftp://mirror.gentoo.ru/pub/mirror/gentoo http://gentoo.oregonstate.edu http://www.ibiblio.org/pub/Linux/distributions/gentoo" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.private.mosuzedu.ru/gentoo-portage" USE="x86 acl acpi apache2 crypt encode gd ldap mmx mysql nagios-dns nagios-ntp nagios-ping nagios-ssh ncurses nls pam quotas readline samba slang sse ssl xfs"
The attached patch and ebuild should take care of this. The patch is c. 2001, was posted to the openldap list, and is commonly known to work.
Created attachment 55942 [details] pam_ldap/pam_ldap-171-r1.ebuild
Created attachment 55943 [details, diff] pam_ldap/files/pam_ldap-171-passwd_exop.diff
any reason not to mark 176 stable instead?
176 is in stable now.