Hey All I am still not getting shadowLastChange to update. I am using the ldappasswd command to set the password and it does change the password but the shadowLastChange is not being updated. Anyone got any feedback for me. I am beginning to wonder if there is a bug in this older version of openldap that Centos is using. John Allgood Senior Systems Administrator OHL Transportation Services 2251 Jesse Jewell Pky. NE Gainesville, GA 30507 tel: (678) 989-3051 fax: (770) 531-7878 jallgood@ohl.com<mailto:jallgood@ohl.com> www.ohl.com<http://www.ohl.com> From: openldap-technical-bounces+jallgood=ohl.com(a)OpenLDAP.org [mailto:openldap-technical-bounces+jallgood=ohl.com@OpenLDAP.org] On Behalf Of Allgood, John Sent: Wednesday, May 19, 2010 3:21 PM To: &#39;openldap-technical(a)openldap.org&#39; Subject: shadowLastChange not updating Hey All I am troubleshooting openldap on a Centos box and having an issue. When the users set their passwords using the passwd program shadowLastChange is not getting updated in ldap. Using openldap 2.3.43.12.el5. Here is a listing of my ACL's. Any ideas? access to attrs=userPassword,shadowLastChange by dn.base="cn=Manager,dc=turbocorp,dc=com" write by anonymous auth by self write by * none access to attrs=SambaLMPassword,SambaNTPassword by dn.base="cn=Manager,dc=turbocorp,dc=com" write by anonymous auth by self write by * none access to * by dn.base="cn=Manager,dc=turbocorp,dc=com" write by self write by * read John Allgood Senior Systems Administrator OHL Transportation Services 2251 Jesse Jewell Pky. NE Gainesville, GA 30507 tel: (678) 989-3051 fax: (770) 531-7878 jallgood@ohl.com<mailto:jallgood@ohl.com> www.ohl.com<http://www.ohl.com> ______________________________________________________ This e-mail transmission may contain information that is proprietary, privileged and/or confidential and is intended exclusively for the person(s) to whom it is addressed. Any use, copying, retention or disclosure by any person other than the intended recipient or the intended recipient's designees is strictly prohibited. If you are not the intended recipient or their designee, please notify the sender immediately by return e-mail and delete all copies. ______________________________________________________ This e-mail transmission may contain information that is proprietary, privileged and/or confidential and is intended exclusively for the person(s) to whom it is addressed. Any use, copying, retention or disclosure by any person other than the intended recipient or the intended recipient's designees is strictly prohibited. If you are not the intended recipient or their designee, please notify the sender immediately by return e-mail and delete all copies.

With that being said do I even need to maintain the shadow module in ldap. I had ppolicy loaded but dropped it out trying to figure out how all this is supposed to work. John Allgood Senior Systems Administrator OHL Transportation Services 2251 Jesse Jewell Pky. NE Gainesville, GA 30507 tel: (678) 989-3051 fax: (770) 531-7878 jallgood(a)ohl.com www.ohl.com ______________________________________________________ This e-mail transmission may contain information that is proprietary, privileged and/or confidential and is intended exclusively for the person(s) to whom it is addressed. Any use, copying, retention or disclosure by any person other than the intended recipient or the intended recipient's designees is strictly prohibited. If you are not the intended recipient or their designee, please notify the sender immediately by return e-mail and delete all copies.