shadowMax

good morning, I've a question about password managing in ldap with samba. I've seen that samba schema's attributes don't have effect on password managing. Only shadowAccount's attribute do it. So i changed shadowMax to "0" for a user and at the next login it tells me

"You are required to change your password immediately (password aged) LDAP administrator password: "

After entering ldap admin's password it tells me

"Authentication token manipulation error".

Why? the admin'password is correct, am sure

Thanks