On 13-09-03 10:34 PM, john espiro wrote:
I changed the password with ldappasswd successfully, but still the
error persists. Doing some research it seems that shadowLastChange is not getting
How can we resolve this?
There are two ways.
The first is that every application that might change a user's password
could be set up to also update shadowLastChange. For example, nslcd(8)
0.8.0 and newer will try to update it, if you use libpam-ldapd and
perform a PAM password change. In the case where you change the password
with ldappasswd(1), you would have to update shadowLastChange separately
The second way, which I prefer, is to use an overlay such as smbk5pwd to
maintain shadowLastChange. Even if you don't use Samba or Heimdal, you
can configure smbk5pwd with just
to have it maintain shadowLastChange. Then your responsibility is to
make sure that every application performs a proper password change using
the exop and not directly writing to userPassword. (ldappasswd(1) and
nslcd(8) both do the right thing, but most web applications I've
encountered do not.)
Hope that helps.
Ryan Tandy - Programmer/Analyst rtandy(a)sd63.bc.ca
School District 63 (Saanich) +1 250 652 7385