[389-users] shadowLast Change NOT updating was Re: ldappasswd and shadowLastChange attribute

Sorry for replying to myself, but I wanted to add more that I've tried 
since my last post:

From the DirSrv X Console: in Configuration -> Indexes I added the 
"shadowLastChange" attribute to userRoot, then NetscapeRoot, still with no 
luck.  I then put the following in my /etc/ldap.conf

nss_map_objectclass shadowAccount User
pam_password exop

Still no luck.  To clarify, the shadowLastChange DOES get properly updated 
when you reset a user's password in Webmin's "Users and Groups" module, 
but NOT when you use /usr/lib64/mozldap/ldappasswd OR in the Squirrelmail 
"Change LDAP Password" plugin.  Again, any of these will change the 
password no problem, but not that attribute....any pointers would be 
appreciated.  Here is a sample user:

version: 1
dn: uid=test123,ou=People, dc=some, dc=domain
objectClass: posixAccount
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: shadowAccount
uid: test123
cn:test123
uidNumber: 999
gidNumber: 999
homeDirectory: /home/test123
loginShell: /bin/false
sn: test123
mail: test123@xxxxxxxxxxx
shadowLastChange: 13678
shadowMin: 1
shadowMax: 99999
shadowWarning: 14

On Mon, 27 Sep 2010, James Smallacombe wrote:

>
> I finally figured out a working shell script to make LDAP user password
> changes using mozldap/ldappasswd.  Unfortunately, I just discovered that
> changing the password using this does not update the "shadowLastChange"
> attribute, so users with expired passwords are still not able to log in,
> even after an admin has reset their password in this manner.
>
> Since we are migrating from traditional shadow passwords to LDAP, the
> attribute we need to get updated by this is "shadowLastChange"
>
> I attempted to work around this in /etc/ldap.conf by adding this:
>
> nss_map_attribute shadowLastChange pwdLastSet
>
> But to no avail.  In addition, the "change ldap password" plugin also does
> not update this, although webmin users and groups module does.
>
> What am I missing?  Thanks in Advance!
>
> James Smallacombe		      PlantageNet, Inc. CEO and Janitor
> up@xxxx							    http://3.am
> =========================================================================
> --
> 389 users mailing list
> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>

James Smallacombe		      PlantageNet, Inc. CEO and Janitor
up@xxxx							    http://3.am
=========================================================================
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
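
Added example, not part of the original post and not code from the 389 project: shadowLastChange is a count of days since 1970-01-01, so a password reset that leaves it untouched still looks expired to the shadow aging check. The sketch below evaluates a simplified form of that check against the sample entry above and builds the LDIF change record an admin script could send after a reset; the 90-day shadowMax and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Shadow aging fields count days since 1970-01-01 (see shadow(5)).

# days_since_epoch [EPOCH_SECONDS]: day number for "now" or for the given time.
days_since_epoch() {
    secs=${1:-$(date +%s)}
    echo $(( secs / 86400 ))
}

# shadow_status LAST MAX WARN TODAY: simplified aging check (assumed model,
# ignores shadowInactive and shadowExpire).
# Prints one of: must-change, expired, warning, ok.
shadow_status() {
    last=$1 max=$2 warn=$3 today=$4
    if [ "$last" -eq 0 ]; then echo must-change; return; fi
    age=$(( today - last ))
    if [ "$age" -gt "$max" ]; then echo expired
    elif [ "$age" -gt $(( max - warn )) ]; then echo warning
    else echo ok
    fi
}

# shadow_ldif DN DAY: LDIF change record that sets shadowLastChange to DAY.
shadow_ldif() {
    printf 'dn: %s\nchangetype: modify\nreplace: shadowLastChange\nshadowLastChange: %s\n' "$1" "$2"
}

# Constructed walk-through using the sample entry from the post.
DN='uid=test123,ou=People, dc=some, dc=domain'
TODAY=$(days_since_epoch 1285545600)    # 2010-09-27 00:00 UTC, date of the thread
shadow_status 13678 99999 14 "$TODAY"   # values exactly as posted
shadow_status 13678 90 14 "$TODAY"      # hypothetical 90-day shadowMax
shadow_status "$TODAY" 90 14 "$TODAY"   # same policy once the attribute is refreshed
shadow_ldif "$DN" "$TODAY"              # pipe to ldapmodify with your own bind options
```

The bind identity used to apply the change record needs write access to shadowLastChange on the target entry.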
