I finally figured out a working shell script to make LDAP user password changes using mozldap/ldappasswd. Unfortunately, I just discovered that changing the password using this does not update the "shadowLastChange" attribute, so users with expired passwords are still not able to log in, even after an admin has reset their password in this manner. Since we are migrating from traditional shadow passwords to LDAP, the attribute we need to get updated by this is "shadowLastChange" I attempted to work around this in /etc/ldap.conf by adding this: nss_map_attribute shadowLastChange pwdLastSet But to no avail. In addition, the "change ldap password" plugin also does not update this, although webmin users and groups module does. What am I missing? Thanks in Advance! James Smallacombe PlantageNet, Inc. CEO and Janitor up at 3.am http://3.am =========================================================================
