shadowLastChange, update problem...
I am using OpenLDAP2-2.1.4-26 and I seem to be having serious problems with a feature that both of you appear to have been able to make work. I am curious as to what I am doing wrong here and hoping that you will be willing and able to assist me.

I have been able to successfully prove that root can change a user's password and the shadowLastChange attribute is updated; however, when a user changes his or her password, or is forced to perform a change of his or her password, the field is not updated.

Secondly, when I force a user to change his or her password by setting the attribute shadowLastChange to 0, the user is prompted to change their password. They are first asked for a new password, then to verify it, and finally for their old password. The system then responds that the user's password was changed. However, the password in fact was not changed and the value of shadowLastChange remains 0.

I have included other lists in this e-mail in the hope that someone can tell me what I am missing.

This is my current configuration:

The pam_ldap version is from PADL and is pam_ldap-166.
# more /etc/pam.d/passwd
#%PAM-1.0
auth       required    pam_env.so
auth       sufficient  pam_unix.so likeauth nullok
auth       sufficient  pam_ldap.so use_first_pass
auth       required    pam_deny.so
account    sufficient  pam_unix.so
account    sufficient  pam_ldap.so
account    required    pam_deny.so
password   sufficient  pam_ldap.so
password   sufficient  pam_unix.so nullok use_authtok md5
password   required    pam_deny.so
session    required    pam_limits.so
session    required    pam_unix.so
session    optional    pam_ldap.so
=============================================
# more /etc/ldap.conf
host myserver
base dc=mydomain,dc=org
rootbinddn cn=proxyuser,dc=mydomain,dc=org
#
#bindpw secret
#
ldap_version 3
port 389
scope sub
uri ldap://myserver.mydomain.org/
timelimit 30
pam_filter objectClass=posixAccount
pam_login_attribute uid
pam_password md5
pam_check_host_attr yes
============================================
# more /etc/openldap/slapd.conf
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema

access to dn=".*,dc=mydomain,dc=org" attr=userPassword
    by self write
    by dn="cn=Manager,dc=mydomain,dc=org" write
    by dn="cn=proxyuser,dc=mydomain,dc=org" write
    by dn="uid=root,dc=mydomain,dc=org" write
    by * auth

access to dn=".*,dc=mydomain,dc=org" attr=shadowLastChange
    by dn="cn=Manager,dc=mydomain,dc=org" write
    by dn="cn=proxyuser,dc=mydomain,dc=org" write
    by dn="uid=root,dc=mydomain,dc=org" write
    by self read
    by * auth

access to *
    by * read

loglevel 256
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args

database bdb
suffix "dc=mydomain,dc=org"
#
# Define Rootdn
#
rootdn "cn=Manager,dc=mydomain,dc=org"
rootpw shhhhhh don't tell...
#
# Data store
#
directory /var/lib/frb.org
mode 0600
index objectClass eq
index cn,uid eq
index uidNumber eq
index gidNumber eq
Thanks!
Eric Sammons
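Editor's note, added beside the post and not part of it: in the slapd.conf above, the ACL for shadowLastChange gives the entry's owner only "self read", while the ACL for userPassword gives "self write". pam_ldap binds as the calling user's own DN for a non-root password change (rootbinddn only applies when the calling process is root), so an update to shadowLastChange sent under that bind is governed by the "self" rule. The fragment below shows the rule as posted next to the form that permits the owner to write the attribute; the DNs are the ones from the post.

```conf
# As posted: the owner of the entry may read shadowLastChange but not
# modify it, so a user-initiated password change cannot update it.
access to dn=".*,dc=mydomain,dc=org" attr=shadowLastChange
    by dn="cn=Manager,dc=mydomain,dc=org" write
    by dn="cn=proxyuser,dc=mydomain,dc=org" write
    by dn="uid=root,dc=mydomain,dc=org" write
    by self read
    by * auth

# With "self write": the owner may update the attribute when bound as
# themselves. The other clauses are unchanged; "by * auth" still prevents
# anonymous clients from reading password-ageing data, and the privileged
# DNs keep write access so root-driven changes keep working as before.
access to dn=".*,dc=mydomain,dc=org" attr=shadowLastChange
    by dn="cn=Manager,dc=mydomain,dc=org" write
    by dn="cn=proxyuser,dc=mydomain,dc=org" write
    by dn="uid=root,dc=mydomain,dc=org" write
    by self write
    by * auth
```

ACL clauses are evaluated in order and the first matching "access to" line wins, so this rule must stay ahead of the catch-all "access to * by * read" as it already does in the posted file. After editing, restart slapd and repeat the user-initiated change to confirm the attribute now updates.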