[Fedora-directory-users] Linux password change/expiration issue
George Holbert
gholbert at broadcom.com
Sat Nov 4 21:28:08 UTC 2006
One possible issue:
Does your ACI set allow shadowLastChange to be written?
To test, you could add a very permissive ACI that allows anyone to write
shadowLastChange. If that helps, then hone down the ACI. I think all you
should need is self-write for shadowLastChange, but I'm not 100% sure.
----- Original Message -----
From: "Kyle Tucker" <kylet at panix.com>
To: "General discussion list for the Fedora Directory server project."
<fedora-directory-users at redhat.com>
Sent: Saturday, November 04, 2006 11:11 AM
Subject: Re: [Fedora-directory-users] Linux password change/expiration issue
> Hi all,
> Sorry to be a pest with this, but I am so close. I went back
> to using shadowAccount and have it all behaving just as I need with
> one acception. When a client uses successfully changes their password,
> the userPassword attribute is changed in LDAP, but the shadowLastChange
> is not updated to the current day, and the password is still being
> interpreted as expired. This occurs with FDS 1.0.2 and 1.0.3. So I am
> not chasing an unattainable goal, should shadowLastChange be getting
> updated at the same time and procedure as is userPassword? Thanks.
>
> --
> - Kyle
> ---------------------------------------------
> kylet at panix.com http://www.panix.com/~kylet
> ---------------------------------------------
More information about the 389-users
mailing list