
RE: shadowLastChange not updating



With that being said, do I even need to maintain the shadow module in LDAP? I had ppolicy loaded but dropped it out trying to figure out how all this is supposed to work.

John Allgood
Senior Systems Administrator
OHL Transportation Services
2251 Jesse Jewell Pky. NE
Gainesville, GA 30507
tel: (678) 989-3051  fax: (770) 531-7878

jallgood@ohl.com
www.ohl.com


> -----Original Message-----
> From: Matthew Backes [mailto:mbackes@symas.com]
> Sent: Friday, May 21, 2010 4:50 PM
> To: Allgood, John
> Cc: 'openldap-technical@openldap.org'
> Subject: Re: shadowLastChange not updating
> 
> Hello, John.
> 
> > I am still not getting shadowLastChange to update. I am using the
> > ldappasswd command to set the password and it does change the password
> > but the shadowLastChange is not being updated. Anyone got any feedback
> > for me? I am beginning to wonder if there is a bug in this older
> > version of OpenLDAP that CentOS is using.
> 
> As mentioned in the manpage, ldappasswd uses the LDAPv3 Password Modify
> (RFC 3062) extended operation.  This operation allows the server to
> automatically hash the supplied password.
> 
> If the password policy overlay is loaded and attached, it may update
> the pwdChangedTime attribute.
> 
> Under no circumstances should this have anything to do with
> shadowLastChange, which is part of the unrelated RFC 2307 schema.
> 
> Modern LDAP PAM-modules should be able to use the ppolicy mechanisms to
> enforce changes instead.  Try checking out slapo-ppolicy?
> 
> Matthew Backes
> Symas Corporation
> mbackes@symas.com


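Added example, not part of the original messages: a small audit that compares the two password-age attributes discussed in this thread, showing that pwdChangedTime (ppolicy, GeneralizedTime) can advance while shadowLastChange (RFC 2307, days since 1970-01-01) stays stale. The DNs and attribute values are constructed, and the parser assumes unfolded, non-base64 LDIF.

```python
from datetime import datetime, timezone

# Constructed sample entries (not from the thread), shaped like ldapsearch
# output after a Password Modify operation changed alice's password.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
shadowLastChange: 14700
pwdChangedTime: 20100521205000Z

dn: uid=bob,ou=People,dc=example,dc=com
shadowLastChange: 14750

dn: uid=carol,ou=People,dc=example,dc=com
shadowLastChange: 14753
pwdChangedTime: 20100524101500Z
"""

def parse_entries(ldif):
    """Split simple (unfolded, non-base64) LDIF into {dn: {attr: value}}."""
    entries = {}
    for block in ldif.strip().split("\n\n"):
        attrs = dict(line.split(": ", 1) for line in block.splitlines())
        entries[attrs.pop("dn")] = attrs
    return entries

def generalized_time_to_days(value):
    """Convert a UTC GeneralizedTime to days since 1970-01-01, the unit of shadowLastChange."""
    ts = datetime.strptime(value, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)
    return int(ts.timestamp() // 86400)

def audit(ldif):
    """Return {dn: finding} for entries whose password-age attributes disagree or are missing."""
    findings = {}
    for dn, attrs in parse_entries(ldif).items():
        shadow = attrs.get("shadowLastChange")
        changed = attrs.get("pwdChangedTime")
        if changed is None:
            findings[dn] = "no pwdChangedTime recorded"
        elif shadow is not None and int(shadow) < generalized_time_to_days(changed):
            lag = generalized_time_to_days(changed) - int(shadow)
            findings[dn] = f"shadowLastChange is {lag} days behind pwdChangedTime"
    return findings

if __name__ == "__main__":
    for dn, finding in audit(SAMPLE_LDIF).items():
        print(f"{dn}: {finding}")
```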