(ITS#6550) Patch for smbk5pwd slapd overlay to include shadowLastChange

[online@mark.ziesemer.com]

Full_Name: Mark A. Ziesemer
Version: 2.4.21 / HEAD
OS: Ubuntu Linux
URL: ftp://ftp.openldap.org/incoming/smbk5pwd-shadow-b.patch
Submission from: (NULL) (2001:470:1f11:3ae:dc54:73ba:be16:148)


Using the PasswordModify Extended Operation (exop) along with the smbk5pwd slapd
overlay provides several benefits, but does not currently include the
shadowLastChange attribute of the shadowAccount class.  This means the
shadowLastChange is missed from update, unless specially done along with a
PasswordModify.

This patch adds support for updating shadowLastChange into the smbk5pwd overlay
for slapd.

An added benefit is that once the updated overlay is in effect, write access to
the shadowLastChange attribute can optionally be restricted by configuration,
preventing users from updating shadowLastChange without actually updating their
password.

The SHA-1 hash of the provided patch (smbk5pwd-shadow-b.patch) is
c29ff518ea4fe03a4c5ee87d07a3af0082256950 .  (Please discard
"smbk5pwd-shadow.patch".)

Patch was generated against HEAD just now, but also applies cleanly to 2.4.21.

I am currently using the patched overlay in my current environment without
noticeable issue.  However, C is not current primary language, so please give
appropriate attention to review.

This patch file is derived from OpenLDAP Software. All of the modifications to
OpenLDAP Software represented in the following patch were developed by Mark A.
Ziesemer <online@mark.ziesemer.com>. I have not assigned rights and/or interest
in this work to any party. 

I, Mark A. Ziesemer, hereby place the following modifications to OpenLDAP
Software (and only these modifications) into the public domain. Hence, these
modifications may be freely used and/or redistributed for any purpose with or
without attribution and/or other notice.