Linux password change/expiration issue

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Bingo. In the admin console, I manually edited the top domain in the
Directory tab using Set Access Permissions and Enable self write for
common attributes, and added shadowLastChange and it updates fine 
along with userPassword now. Thanks so much.

aci: (targetattr = "carLicense ||description ||displayName ||facsimileTelephon
 eNumber ||homePhone ||homePostalAddress ||initials ||jpegPhoto ||labeledURL |
 |mail ||mobile ||pager ||photo ||postOfficeBox ||postalAddress ||postalCode |
 |preferredDeliveryMethod ||preferredLanguage ||registeredAddress ||roomNumber
  ||secretary ||seeAlso ||st ||street ||telephoneNumber ||telexNumber ||title
 ||userCertificate ||userPassword ||shadowLastChange ||userSMIMECertificate ||
 x500UniqueIdentifier") (version 3.0;acl "Enable self write for common attribu
 tes";allow (write)(userdn = "ldap:///self";);)


> One possible issue:
> Does your ACI set allow shadowLastChange to be written?
> To test, you could add a very permissive ACI that allows anyone to write 
> shadowLastChange.  If that helps, then hone down the ACI.  I think all you 
> should need is self-write for shadowLastChange, but I'm not 100% sure.
> 
> 
> ----- Original Message ----- 
> From: "Kyle Tucker" <kylet at panix.com>
> To: "General discussion list for the Fedora Directory server project." 
> <fedora-directory-users at redhat.com>
> Sent: Saturday, November 04, 2006 11:11 AM
> Subject: Re: Linux password change/expiration issue
> 
> > Hi all,
> > Sorry to be a pest with this, but I am so close. I went back
> > to using shadowAccount and have it all behaving just as I need with
> > one acception. When a client uses successfully changes their password,
> > the userPassword attribute is changed in LDAP, but the shadowLastChange
> > is not updated to the current day, and the password is still being
> > interpreted as expired. This occurs with FDS 1.0.2 and 1.0.3. So I am
> > not chasing an unattainable goal, should shadowLastChange be getting
> > updated at the same time and procedure as is userPassword? Thanks.
> >
> > -- 
> > - Kyle
> > ---------------------------------------------
> > kylet at panix.com   http://www.panix.com/~kylet
> > ---------------------------------------------
> 
> 
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
> 


-- 
- Kyle 
---------------------------------------------
kylet at panix.com   http://www.panix.com/~kylet    
---------------------------------------------




[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux