小弟近日自行建立環境來測試，安裝openldap、openwebmail 及 PAM認證模組
目前遇到帳戶登入webmail後變更密碼會出現『密碼錯誤, 變更不成功.』。

底層看 ldap.log 有出現
Mar 21 17:19:49 mail slapd[1679]: conn=1007 op=5 MOD attr=userPassword
Mar 21 17:19:49 mail slapd[1679]: conn=1007 op=5 RESULT tag=103 err=50 text=

而目前ldap ACL看起來設定無誤
access to attrs=userPassword
by self write
by dn="cn=Manager,dc=abc,dc=com" write
by users peername.IP=192.168.126.0%255.255.255.0 write
by anonymous auth
by * none

access to *
by dn="cn=Manager,dc=abc,dc=com" write
by anonymous peername.IP=127.0.0.1 read
by anonymous peername.IP=192.168.126.0%255.255.255.0 write
by self write
by users read

而在openwebmail.log中出現
Fri Mar 21 16:50:40 2014 - [2543] (192.168.126.1) testuser - change password error - auth_pam.pl, ret -4, pam_authtok() err 10, User not known to the underlying authentication module

openwebmail 在pam.d 下的設定

#%PAM-1.0
auth sufficient /lib/security/$ISA/pam_ldap.so
auth required /lib/security/$ISA/pam_unix.so
account required /lib/security/$ISA/pam_unix.so
account sufficient /lib/security/$ISA/pam_ldap.so
password sufficient /lib/security/$ISA/pam_ldap.so
password required /lib/security/$ISA/pam_unix.so

不曉得是哪裡的設定有誤造成此問題?