Mark A. Ziesemer wrote:
2010/5/14 Michael Ströder <michael(a)stroeder.com
'shadowLastChange' is rather a POSIX account attribute which from my
understanding is out-of-scope for slapo-smbk5pwd. Well, the scope could be
I guess I wouldn't have any objections if all the references to "shadow"
were renamed to "posix". However, the shadowLastChange attribute is
part of the shadowAccount objectClass - with neither of these names
referring to POSIX.
I didn't consider to change the name of the attribute. With POSIX account data
I rather wanted to point to RFC 2307 where posixAccount and shadowAccount
object classes and the accompanying attributes are defined.
Don't get me wrong. I support the idea of setting shadowLastChange even if
Howard considers it to be deprecated. And I have no objections to a
But I'd even like to see this overlay available as standard feature. Since in
the current state it has build dependencies to Kerberos libs this is not easy.
Only building the Samba support is possible and needs some tweaking of the
There are many issues posted online with all the password attributes
except shadowLastChange getting updated. This patch should provide a
solution for many of these cases.
Yupp. I already thought these problems long ago when implementing the
different password change use-cases in web2ldap.