Hi All, I have several SuSE Pro 9.0, 9.1 and 9.2 systems. One of these systems is running openldap2 server and the other systems are clients of this LDAP server and authenticate against it. I use pam_ldap and nss_ldap on the clients. Recently I realized that my users are able to change their LDAP passwords using "passwd" utility only from the 9.0 clients and not from the 9.1 and 9.2 clients. The error is something like: user@hostname:~> passwd Changing password for user. Enter login(LDAP) password: New password: Re-enter new password: LDAP password information update failed: Can't contact LDAP server use bind to verify old password Password changed. In the clients warn logs I see something like "pam_ldap: ldap_extended_operation_s Server is unwilling to perform". After googling and searcing around for almost 2 days, I discovered that SuSE did not apply a patch to pam_ldap.c file from the pam_ldap distribution on the recent systems (at least on the 9.1 source RPM I did not see the change suggested by PADL). Here it is if anyone wants it. ber_printf (ber, "{"); ber_printf (ber, "ts", LDAP_TAG_EXOP_X_MODIFY_PASSWD_ID, session->info->userdn); - ber_printf (ber, "ts", LDAP_TAG_EXOP_X_MODIFY_PASSWD_OLD, old_password); +/* ber_printf (ber, "ts", LDAP_TAG_EXOP_X_MODIFY_PASSWD_OLD, old_password);*/ ber_printf (ber, "ts", LDAP_TAG_EXOP_X_MODIFY_PASSWD_NEW, new_password); ber_printf (ber, "N}"); In 9.1 sources, I saw this instead. ber_printf (ber, "{"); ber_printf (ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_ID, session->info->userdn); /* this doesn't appear to be necessary anymore */ ber_printf (ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_OLD, old_password); ber_printf (ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, new_password); ber_printf (ber, "N}"); Once I commented out the necessary line, and rebuilt the RPM I could use "passwd" to change the user password in LDAP. Regards, Prakash