[Fedora-directory-users] posixaccount and shadowlastchange
Steve Rigler
srigler at MarathonOil.Com
Tue Sep 25 17:21:49 UTC 2007
On Tue, 2007-09-25 at 12:08 -0400, Victor Hugo dos Santos wrote:
> 2007/9/25, Steve Rigler <srigler at marathonoil.com>:
> > On Tue, 2007-09-25 at 09:55 -0400, Victor Hugo dos Santos wrote:
>
> [...]
>
> > Your accounts need to have the "shadowAccount" objectclass and
> > "shadowLastChange" needs to be writable by ldap://self or by the dn that
> > changes their password on their behalf (if you use "rootbinddn" in your
> > pam ldap.conf).
>
> Hmm... in my test it doesn't work.
>
> debian2:/etc/ssl/certs# getent shadow | grep camador
> camador:*:13524::99999:7:::0
>
> debian2:/etc/ssl/certs# passwd camador
> Enter login(LDAP) password:
> New UNIX password:
> Retype new UNIX password:
> LDAP password information changed for camador
> passwd: password updated successfully
>
> debian2:/etc/ssl/certs# getent shadow | grep camador
> camador:*:13524::99999:7:::0
>
> As you can see, the shadow info is the same before and after the
> change of password.
>
> Any other ideas?
>
> thanks
>
Did you add an aci to allow write access to "shadowLastChange"?
-Steve
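
The two directory changes discussed in this thread, written out as LDIF. This is an added example, not part of the original messages; the suffix dc=example,dc=com, the ou=People container and the ACI name are assumptions, and only the uid comes from the thread.

```ldif
# Constructed example: dc=example,dc=com and ou=People are placeholder names.
# Apply with ldapmodify while bound as a directory administrator.

# 1. Give the account the shadowAccount object class so that
#    shadowLastChange is an allowed attribute on the entry.
#    (If the value is already present the server rejects this record
#    with "Type or value exists"; in that case skip it.)
dn: uid=camador,ou=People,dc=example,dc=com
changetype: modify
add: objectClass
objectClass: shadowAccount

# 2. Let each user write their own shadowLastChange and nothing else.
#    targetattr restricts the grant to this single attribute, and the
#    bind rule ldap:///self matches only the entry the client is bound as.
#    If pam_ldap changes passwords through rootbinddn instead, the bind
#    rule would name that DN rather than ldap:///self.
dn: ou=People,dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr = "shadowLastChange")(version 3.0; acl "Self write shadowLastChange"; allow (write) userdn = "ldap:///self";)
```

After the ACI is in place, the third field of `getent shadow` for the user should change to the current day count following a successful `passwd`.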