[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
shadowLastChange can't be read
- To: openldap-technical@openldap.org
- Subject: shadowLastChange can't be read
- From: Maria McKinley <mariak@mariakathryn.net>
- Date: Fri, 22 Mar 2013 19:36:17 -0700
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:sender:date:x-google-sender-auth:message-id :subject:from:to:content-type; bh=eJ3oSb37ruFC/f2i87bCCVFvpnrUeynyti7MmYsw3Xo=; b=E2Ar0YgKEcKZ9onKs7OeLFYUIBoDzv+KZ0jQ0oNP/FzuvwtpIimIFbV63nxevJ9Pgn vkJyQSkS9aFHvyZXYtGTRboJ5sfLIL/fHt5H0H/siWeoXIv/23PCwfqY2bZbeZwapxIu QHCYwlSOWIHrboE5I7CCh1gMNtEgxHBVCG6d+trsmHkXVvqGuV1XZ4lyXibkX2x8eiDY GSwTX10kn5NJAhA3q1JHFQL1yDIG+Gx6O7KnphFp9Mt+LOnAlXbi0fg9+VlAhCZ3jw8u xqqKHX2YA43CU4ig1R87Z8TQUUKyF7U2ew6w4wX8NSgmEq1i9R+PqxOZBuQ8tvcU3Y+s 0coA==
Hi there,
I can change the shadowLastChange attribute:
maria@mimi:~/sysadmin/ldap$ ldapmodify -x -v -r -W -D "cn=admin,dc=example,dc=com" -f pass.expldap_initialize( <DEFAULT> )
Enter LDAP Password:Â
replace shadowLastChange:
    15786
modifying entry "uid=chris,ou=people,dc=example,dc=com"
modify complete
But, I can't see it:
annette:~# ldapsearch -x "uid=chris" shadowLastChange
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> (default) with scope subtree
# filter: uid=chris
# requesting: shadowLastChangeÂ
#
dn: uid=chris,ou=people,dc=example,dc=com
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
Even though this is my permission:
olcAccess: {0}to attrs=shadowLastChange by self write by anonymous auth by dn=
Â"cn=admin,dc=example,dc=com" write by * read
olcAccess: {1}to attrs=userPassword by self write by anonymous auth by dn="cn=
Âadmin,dc=example,dc=com" write by * none
olcAccess: {2}to dn.base="" by * read
olcAccess: {3}to * by self write by dn="cn=admin,dc=example,dc=com" write by *
 read
Have I done something wrong with my permissions? Is there something else that could be going on here?
thanks,
Maria