With that being said, do I even need to maintain the shadow module in LDAP? I had ppolicy
loaded but dropped it out trying to figure out how all this is supposed to work.
John Allgood
Senior Systems Administrator
OHL Transportation Services
2251 Jesse Jewell Pky. NE
Gainesville, GA 30507
tel: (678) 989-3051 fax: (770) 531-7878
jallgood(a)ohl.com
www.ohl.com
-----Original Message-----
From: Matthew Backes [mailto:mbackes@symas.com]
Sent: Friday, May 21, 2010 4:50 PM
To: Allgood, John
Cc: 'openldap-technical(a)openldap.org'
Subject: Re: shadowLastChange not updating
Hello, John.
> I am still not getting shadowLastChange to update. I am using the
> ldappasswd command to set the password and it does change the password
> but the shadowLastChange is not being updated. Anyone got any feedback
> for me. I am beginning to wonder if there is a bug in this older
> version of openldap that Centos is using.
As mentioned in the manpage, ldappasswd uses the LDAPv3 Password Modify
(RFC 3062) extended operation. This operation allows the server to
automatically hash the supplied password.
If the password policy overlay is loaded and attached, it may update
the pwdChangedTime attribute.
Under no circumstances should this have anything to do with
shadowLastChange, which is part of the unrelated RFC 2307 schema.
Modern LDAP PAM-modules should be able to use the ppolicy mechanisms to
enforce changes instead. Try checking out slapo-ppolicy?
Matthew Backes
Symas Corporation
mbackes(a)symas.com
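
Added example, not part of the original thread: a small audit that compares the ppolicy timestamp (pwdChangedTime) with the RFC 2307 shadowLastChange value to show which accounts have a shadow field that no longer reflects the last password change. The LDIF entries are constructed sample data, and the parser assumes plain LDIF (no folded or base64 values) with pwdChangedTime in the form YYYYmmddHHMMSSZ.

```python
from datetime import datetime, timezone

# Constructed sample entries (not taken from the thread).
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
pwdChangedTime: 20100521204500Z
shadowLastChange: 14750

dn: uid=bob,ou=People,dc=example,dc=com
pwdChangedTime: 20100521204500Z
shadowLastChange: 14600

dn: uid=carol,ou=People,dc=example,dc=com
pwdChangedTime: 20100301120000Z
"""

def parse_entries(ldif):
    """Parse simple LDIF (assumed: no line folding, no base64) into dicts."""
    entries = []
    for block in ldif.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, _, value = line.partition(": ")
            entry[key] = value
        entries.append(entry)
    return entries

def generalized_time_to_days(value):
    """Convert a UTC GeneralizedTime to whole days since 1970-01-01,
    the unit shadowLastChange is stored in."""
    dt = datetime.strptime(value, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)
    return int(dt.timestamp() // 86400)

def audit(ldif):
    """Return {dn: status} comparing shadowLastChange to pwdChangedTime."""
    report = {}
    for e in parse_entries(ldif):
        if "pwdChangedTime" not in e:
            report[e["dn"]] = "no-ppolicy-timestamp"
            continue
        changed = generalized_time_to_days(e["pwdChangedTime"])
        shadow = e.get("shadowLastChange")
        if shadow is None:
            report[e["dn"]] = "missing"   # only ppolicy tracks this account
        elif int(shadow) < changed:
            report[e["dn"]] = "stale"     # shadow field predates last change
        else:
            report[e["dn"]] = "in-sync"
    return report

if __name__ == "__main__":
    for dn, status in audit(SAMPLE_LDIF).items():
        print(f"{status:8} {dn}")
```

pwdChangedTime is an operational attribute, so it has to be requested explicitly when exporting entries for a check like this.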