[Date Prev][Date Next]
RE: shadowLastChange not updating
With that being said do I even need to maintain the shadow module in ldap. I had ppolicy loaded but dropped it out trying to figure out how all this is supposed to work.
Senior Systems Administrator
OHL Transportation Services
2251 Jesse Jewell Pky. NE
Gainesville, GA 30507
tel: (678) 989-3051 fax: (770) 531-7878
> -----Original Message-----
> From: Matthew Backes [mailto:firstname.lastname@example.org]
> Sent: Friday, May 21, 2010 4:50 PM
> To: Allgood, John
> Cc: 'email@example.com'
> Subject: Re: shadowLastChange not updating
> Hello, John.
> > I am still not getting shadowLastChange to update. I am using the
> ldappasswd command to set the password and it does change the password
> but the shadowLastChange is not being updated. Anyone got any feedback
> for me. I am beginning to wonder if there is a bug in this older
> version of openldap that Centos is using.
> As mentioned in the manpage, ldappasswd uses the LDAPv3 Password Modify
> (RFC 3062) extended operation. This operation allows the server to
> automatically hash the supplied password.
> If the password policy overlay is loaded and attached, it may update
> the pwdChangedTime attribute.
> Under no circumstances should this have anything to do with
> shadowLastChange, which is part of the unrelated RFC 2307 schema.
> Modern LDAP PAM-modules should be able to use the ppolicy mechanisms to
> enforce changes instead. Try checking out slapo-ppolicy?
> Matthew Backes
> Symas Corporation
This e-mail transmission may contain information that is proprietary, privileged and/or confidential and is intended exclusively for the person(s) to whom it is addressed. Any use, copying, retention or disclosure by any person other than the intended recipient or the intended recipient's designees is strictly prohibited. If you are not the intended recipient or their designee, please notify the sender immediately by return e-mail and delete all copies.