I finally figured out a working shell script to make LDAP user password
changes using mozldap/ldappasswd. Unfortunately, I just discovered that
changing the password using this does not update the "shadowLastChange"
attribute, so users with expired passwords are still not able to log in,
even after an admin has reset their password in this manner.
Since we are migrating from traditional shadow passwords to LDAP, the
attribute we need to get updated by this is "shadowLastChange"
I attempted to work around this in /etc/ldap.conf by adding this:
nss_map_attribute shadowLastChange pwdLastSet
But to no avail. In addition, the "change ldap password" plugin also does
not update this, although webmin users and groups module does.
What am I missing? Thanks in Advance!
James Smallacombe PlantageNet, Inc. CEO and Janitor
389 users mailing list