One possible issue:
Does your ACI set allow shadowLastChange to be written?
To test, you could add a very permissive ACI that allows anyone to write
shadowLastChange. If that helps, then hone down the ACI. I think all you
should need is self-write for shadowLastChange, but I'm not 100% sure.
----- Original Message -----
From: "Kyle Tucker" <kylet@xxxxxxxxx>
To: "General discussion list for the Fedora Directory server project."
<fedora-directory-users@xxxxxxxxxx>
Sent: Saturday, November 04, 2006 11:11 AM
Subject: Re: Linux password change/expiration issue
Hi all,
Sorry to be a pest with this, but I am so close. I went back
to using shadowAccount and have it all behaving just as I need with
one acception. When a client uses successfully changes their password,
the userPassword attribute is changed in LDAP, but the shadowLastChange
is not updated to the current day, and the password is still being
interpreted as expired. This occurs with FDS 1.0.2 and 1.0.3. So I am
not chasing an unattainable goal, should shadowLastChange be getting
updated at the same time and procedure as is userPassword? Thanks.
--
- Kyle
---------------------------------------------
kylet@xxxxxxxxx http://www.panix.com/~kylet
---------------------------------------------
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
