Hi, I have already sent this question to openldap-software mailing list. There seems to be a whole lot of package changes between 9.0 and 9.1 SuSE Pro, that I thought of posting this here too to get experts' opinions. I have a OpenLDAP server (openldap2-2.1.22-65 RPM version) running on a SuSE Pro 9.0 server (Kernel 2.4.21-192). There are different clients connecting to this server for authentication (a mix of SuSE Pro 9.0 and 9.1 systems). I have the following packages in the 9.0 clients: pam_ldap-164-42 nss_ldap-207-80 openldap2-client-2.1.22-65 and the following in the 9.1 clients: pam_ldap-169-24 nss_ldap-215-55 openldap2-client-2.2.6-34 I want the users to be able to change their own passwords using the "passwd" command. Here are the scenarios: In the server slapd.conf, I have the following ACLs, access to attrs=userPassword by self write by anonymous auth by dn="cn=Manager,o=tchrf,c=us" write by * none access to attrs=shadowLastChange by dn="cn=Manager,o=tchrf,c=us" write by self write by * auth access to * by * read I also have the "password-hash {SSHA}" option. In all the clients, I have "pam_password exop" enabled. I am able to do the passwd change successfully from the 9.0 systems, but not from the 9.1 systems. The /var/log/messages shows an error like the following: pam_ldap: ldap_extended_operation_s Server is unwilling to perform Please help. If you need more info, please ask. Thanks, Prakash