shadowLastChange error and Active Directory synchronization

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello, all.  I'm seeing a strange problem in our set up to synchronize
passwords between Directory Server 8.0 and Active Directory.  If I
change a user's password from idm-console, the password synchronizes.
If I change it from Active Directory, the password synchronizes.

However, if the user changes their own password (they use Ubuntu 8.0.4
KDE desktops), the passwords do not synchronize.  We do see an entry in
the error log:

Entry "uid=mlap,ou=Desks,o=a0,o=Int,dc=mycompany,dc=com" -- attribute "shadowLastChange" not allowed

That seemed straightforward so I checked the ACIs and we do allow users
to change this attribute:

(targetattr != "nsroledn||aci") 
(version 3.0;
acl "Allow self entry modification except for nsroledn and aci
attributes";
allow (read,compare,search,write)
(userdn = "ldap:///self";)
;)

Any idea why we are receiving these errors? Would this cause password
synchronization to fail? Thanks - John
-- 
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan@xxxxxxxxxxxxxxxxxxx

http://www.spiritualoutreach.com
Making Christianity intelligible to secular society

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users

[Index of Archives]     [Fedora Directory Users]     [Fedora Directory Devel]     [Fedora Announce]     [Fedora Legacy Announce]     [Kernel]     [Fedora Legacy]     [Share Photos]     [Fedora Desktop]     [PAM]     [Red Hat Watch]     [Red Hat Development]     [Big List of Linux Books]     [Gimp]     [Yosemite News]

  Powered by Linux