Mark A. Ziesemer wrote:
2010/5/14 Michael Ströder <firstname.lastname@example.org mailto:email@example.com> 'shadowLastChange' is rather a POSIX account attribute which from my understanding is out-of-scope for slapo-smbk5pwd. Well, the scope could be extended...
I guess I wouldn't have any objections if all the references to "shadow" were renamed to "posix". However, the shadowLastChange attribute is part of the shadowAccount objectClass - with neither of these names referring to POSIX.
I didn't consider to change the name of the attribute. With POSIX account data I rather wanted to point to RFC 2307 where posixAccount and shadowAccount object classes and the accompanying attributes are defined.
Don't get me wrong. I support the idea of setting shadowLastChange even if Howard considers it to be deprecated. And I have no objections to a one-sets-all-of-these overlay.
But I'd even like to see this overlay available as standard feature. Since in the current state it has build dependencies to Kerberos libs this is not easy. Only building the Samba support is possible and needs some tweaking of the Makefile.
There are many issues posted online with all the password attributes except shadowLastChange getting updated. This patch should provide a solution for many of these cases.
Yupp. I already thought these problems long ago when implementing the different password change use-cases in web2ldap.