On Tue, 2007-09-25 at 12:08 -0400, Victor Hugo dos Santos wrote: > 2007/9/25, Steve Rigler <srigler@xxxxxxxxxxxxxxx>: > > On Tue, 2007-09-25 at 09:55 -0400, Victor Hugo dos Santos wrote: > > [...] > > > Your accounts need to have the "shadowAccount" objectclass and > > "shadowLastChange" needs to be writable by ldap://self or by the dn that > > changes their password on their behalf (if you use "rootbinddn" in your > > pam ldap.conf). > > mmm... in test don't work.. > > debian2:/etc/ssl/certs# getent shadow | grep camador > camador:*:13524::99999:7:::0 > > debian2:/etc/ssl/certs# passwd camador > Enter login(LDAP) password: > New UNIX password: > Retype new UNIX password: > LDAP password information changed for camador > passwd: password updated successfully > > debian2:/etc/ssl/certs# getent shadow | grep camador > camador:*:13524::99999:7:::0 > > how you can look.. the shadow info is the same, before y after the > change of password. > > any other idea ?? > > thanks > Did you add an aci to allow write access to "shadowLastChange"? -Steve -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
