password change over LDAP works only if TLS is disabled
I am trying to set up a Linux server (Fedora Core 2, kernel 2.6.10) to use LDAP as
the password repository.
The LDAP server is local to the server, and I manage to authenticate any
user or change their password with the following /etc/ldap.conf file:
But when enabling TLS (I have "ssl start_tls" as the last line above instead
of "ssl off"), I can still authenticate any user (that is, I can telnet to the server
and see the authentication occurring on the LDAP server), but trying to change their
password (as root, with the passwd command) always fails with this error message:
Authentication token manipulation error
I don't think the problem is on the directory side since I can bind or search over
TLS using at least 2 different LDAP clients/browsers.
I don't think the problem is in the PAM configuration since it works with TLS disabled,
so I don't know where to search anymore; it looks like a bug to me.
Any help would be greatly appreciated.