I am using OpenLDAP2-2.1.4-26 and I seem to be having serious problems with a feature that both of you appear to have been able to make work. I am curious as to what I am doing wrong here and hoping that you will be willing and able to assist me.
I have been able to successfully prove that root can change a user's password and the shadowLastChange attribute is updated; however, when a user changes his or her password, or is forced to perform a change of his or her password, the field is not updated. Secondly, when I force a user to change his or her password by setting attribute shadowLastChange to 0, the user is prompted to change their password. They are first asked for a new password, then to verify, and finally their old password. The system then responds that the user's password was changed. However, the password in fact was not changed and the value of shadowLastChange remains 0.

I have included other lists in this E-mail in the hopes that someone can tell me what I am missing. This is my current configuration:

pam_ldap version is from PADL and is pam_ldap-166.

# more /etc/pam.d/passwd
#%PAM-1.0
auth       required     pam_env.so
auth       sufficient   pam_unix.so likeauth nullok
auth       sufficient   pam_ldap.so use_first_pass
auth       required     pam_deny.so
account    sufficient   pam_unix.so
account    sufficient   pam_ldap.so
account    required     pam_deny.so
password   sufficient   pam_ldap.so
password   sufficient   pam_unix.so nullok use_authtok md5
password   required     pam_deny.so
session    required     pam_limits.so
session    required     pam_unix.so
session    optional     pam_ldap.so

=============================================

# more /etc/ldap.conf
host myserver
base dc=mydomain,dc=org
rootbinddn cn=proxyuser,dc=mydomain,dc=org
#
#bindpw secret
#
ldap_version 3
port 389
scope sub
uri ldap://myserver.mydomain.org/
timelimit 30
pam_filter objectClass=posixAccount
pam_login_attribute uid
pam_password md5
pam_check_host_attr yes

============================================

# more /etc/openldap/slapd.conf
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema

access to dn=".*,dc=mydomain,dc=org" attr=userPassword
        by self write
        by dn="cn=Manager,dc=mydomain,dc=org" write
        by dn="cn=proxyuser,dc=mydomain,dc=org" write
        by dn="uid=root,dc=mydomain,dc=org" write
        by * auth

access to dn=".*,dc=mydomain,dc=org" attr=shadowLastChange
        by dn="cn=Manager,dc=mydomain,dc=org" write
        by dn="cn=proxyuser,dc=mydomain,dc=org" write
        by dn="uid=root,dc=mydomain,dc=org" write
        by self read
        by * auth

access to *
        by * read

loglevel 256
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args

database bdb
suffix "dc=mydomain,dc=org"
#
# Define Rootdn
#
rootdn "cn=Manager,dc=mydomain,dc=org"
rootpw shhhhhh don't tell...
#
# Data store
#
directory /var/lib/frb.org
mode 0600
index objectClass eq
index cn,uid eq
index uidNumber eq
index gidNumber eq

Thanks!
Eric Sammons
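In slapd ACL evaluation the first "access to" directive whose dn and attr selectors match the target is the one used, and within it the first matching "by" clause decides the level, so the position of "by self read" versus "by self write" across the two attribute directives above determines what a user bound as their own entry may modify. The following is an added example, not part of the original mail and not OpenLDAP's own code: a small evaluator in Python that models only the selectors used in the posted slapd.conf (dn regex, attr, by self / by dn / by *), so the level a given bind identity gets on a given attribute can be read off before testing against the live server. The entry uid=jdoe,ou=People,dc=mydomain,dc=org is a constructed example, and the access-level ordering is the OpenLDAP 2.1 one (none < auth < compare < search < read < write).

```python
"""Simplified evaluator for OpenLDAP 2.1-style slapd.conf ACLs.

Added example for the mailing-list post above; it is not slapd code.
Only the ACL features that appear in the posted configuration are
modelled: 'access to dn="<regex>" attr=<name>', 'access to *', and
'by self|dn="<dn>"|* <level>'. Real slapd supports many more selectors.
"""
import re

# Access levels in OpenLDAP 2.1 order; a higher level implies the lower ones.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

# The three access directives from the posted slapd.conf (copied, not invented).
SLAPD_ACLS = """
access to dn=".*,dc=mydomain,dc=org" attr=userPassword
    by self write
    by dn="cn=Manager,dc=mydomain,dc=org" write
    by dn="cn=proxyuser,dc=mydomain,dc=org" write
    by dn="uid=root,dc=mydomain,dc=org" write
    by * auth
access to dn=".*,dc=mydomain,dc=org" attr=shadowLastChange
    by dn="cn=Manager,dc=mydomain,dc=org" write
    by dn="cn=proxyuser,dc=mydomain,dc=org" write
    by dn="uid=root,dc=mydomain,dc=org" write
    by self read
    by * auth
access to *
    by * read
"""

ACCESS_RE = re.compile(r'^access to (.*)$')
BY_RE = re.compile(r'^by (self|\*|dn="[^"]*") (\w+)$')


def parse_acls(text):
    """Return a list of (dn_regex_or_None, attr_or_None, [(who, level), ...])."""
    acls = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ACCESS_RE.match(line)
        if m:
            what = m.group(1)
            dn_re = attr = None
            if what != "*":
                dn_m = re.search(r'dn="([^"]*)"', what)
                attr_m = re.search(r'attr=(\S+)', what)
                dn_re = dn_m.group(1) if dn_m else None
                attr = attr_m.group(1) if attr_m else None
            acls.append((dn_re, attr, []))
            continue
        m = BY_RE.match(line)
        if m and acls:
            acls[-1][2].append((m.group(1), m.group(2)))
        else:
            raise ValueError("unsupported ACL line: %r" % line)
    return acls


def _who_matches(who, bind_dn, target_dn):
    """bind_dn=None models an anonymous bind."""
    if who == "*":
        return True
    if bind_dn is None:
        return False
    if who == "self":
        return bind_dn.lower() == target_dn.lower()
    return who[4:-1].lower() == bind_dn.lower()      # strip dn="..."


def access_level(acls, bind_dn, target_dn, attr):
    """First matching 'access to' wins; within it the first matching 'by' wins.
    A matching 'to' with no matching 'by' is an implicit 'by * none'."""
    for dn_re, acl_attr, by_clauses in acls:
        if dn_re is not None and not re.match(dn_re + "$", target_dn, re.IGNORECASE):
            continue
        if acl_attr is not None and acl_attr.lower() != attr.lower():
            continue
        for who, level in by_clauses:
            if _who_matches(who, bind_dn, target_dn):
                return level
        return "none"
    return "none"


def can(acls, bind_dn, target_dn, attr, needed):
    """True if the granted level is at least `needed`."""
    return LEVELS.index(access_level(acls, bind_dn, target_dn, attr)) >= LEVELS.index(needed)


if __name__ == "__main__":
    acls = parse_acls(SLAPD_ACLS)
    user = "uid=jdoe,ou=People,dc=mydomain,dc=org"   # constructed entry DN
    for who in (user, "cn=proxyuser,dc=mydomain,dc=org", None):
        for attr in ("userPassword", "shadowLastChange", "loginShell"):
            print("%-40s %-18s %s" % (who or "anonymous", attr,
                                      access_level(acls, who, user, attr)))
```

Running it against the posted ACLs shows the self identity getting write on userPassword but only read on shadowLastChange, while the proxyuser DN gets write on both; which identity pam_ldap actually binds as during a user-initiated change is therefore the thing to confirm. On the server side, the ACL decisions themselves can be traced by adding 128 (ACL processing) to the loglevel rather than guessing from the client's success message.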
