Thanks, I just read a post from 2007 stating that.
So, the "jdoe" account changed his password, is the attribute there in the background somewhere? The ldapsearch is not showing the pwdChangedTime attribute:
# ldapsearch -x -W -H ldap://ldapsrvr.group.ldap -D cn=ldapadmin,dc=group,dc=ldap -s base -b uid=jdoe,ou=Users,dc=group,dc=ldap + ... dn: uid=jdoe,ou=Users,dc=group,dc=ldap structuralObjectClass: inetOrgPerson entryUUID: 4b5def70-1ce2-4688-8c12-f1ce4bf401b1 creatorsName: cn=ldapadmin,dc=group,dc=ldap createTimestamp: 20140124143716Z pwdPolicySubentry: cn=default,ou=pwpolicies,dc=group,dc=ldap entryCSN: 20151223153502.001325Z#000000#003#000000 modifiersName: uid=jdoe,ou=Users,dc=group,dc=ldap modifyTimestamp: 20151223153502Z entryDN: uid=jdoe,ou=Users,dc=group,dc=ldap subschemaSubentry: cn=Subschema hasSubordinates: FALSE
# search result search: 2 result: 0 Success
# numResponses: 2 # numEntries: 1
John D. Borresen (Dave) Email: john.borresen@ll.mit.edu
-----Original Message----- From: Michael Ströder [mailto:michael@stroeder.com] Sent: Wednesday, December 23, 2015 10:31 AM To: Borresen, John - 0444 - MITLL; openldap-technical@openldap.org Subject: Re: pwdChangedTime Undefined Attribute
Borresen, John - 0444 - MITLL wrote:
Now, trying to add the pwdChangedTime attribute to the jdoe UID.
This attribute is automatically added when userPassword is (re)set. No need to set it yourself. Therefore the attribute type description contains NO-USER-MODIFICATION.
Ciao, Michael.