shadowMax

good morning, I've a question about password managing in ldap with samba. I've seen that samba schema's attributes don't have effect on password managing. Only shadowAccount's attribute do it. So i changed shadowMax to "0" for a user and at the next login it tells me "You are required to change your password immediately (password aged) LDAP administrator password: " After entering ldap admin's password it tells me "Authentication token manipulation error". Why? the admin'password is correct, am sure Thanks