Updating ShadowLastChange with slurpd

I have an openldap server acting in the standard master / slave
configuration.

I have forced password expiration on first login by setting
ShadowLastChange to 0.

If a user logs in for the first time to any LDAP client machine or to the
master itself, they're prompted to change their password immediately and
the password gets updated immediately.

If they log into the slave and change their password, the updateref passes
it back to the master and updates the password, but logging into any LDAP
client or master server prompts them to change their newly changed
password.

My ACLs on the master and slave are as follows:

    access to attribute=shadowLastChange
        by dn="cn=root,dc=sboss,dc=com"
        by self write
        by * read

    access to attrs=userPassword
        by dn="cn=root,dc=sboss,dc=com"
        by self write
        by * auth

    access to *
        by * read

And on the slave server we have the identical slapd.conf save for the
replog and replica entries and these:

    updatedn "cn=root,dc=sboss,dc=com"
    updateref ldap://ldap02.sboss.com:389

I'm sure this is a simple misconfiguration, but where?
Thank you,
--
Brian