I am still not getting shadowLastChange to update. I am using the
ldappasswd command to set the password and it does change the password but the
shadowLastChange is not being updated. Anyone got any feedback for me. I am beginning to
wonder if there is a bug in this older version of openldap that Centos is using.
As mentioned in the manpage, ldappasswd uses the LDAPv3 Password Modify (RFC 3062)
extended operation. This operation allows the server to automatically hash the supplied
If the password policy overlay is loaded and attached, it may update the pwdChangedTime
Under no circumstances should this have anything to do with shadowLastChange, which is
part of the unrelated RFC 2307 schema.
Modern LDAP PAM-modules should be able to use the ppolicy mechanisms to enforce changes
instead. Try checking out slapo-ppolicy?