Did you actually test what I committed?

I did some short tests and it works if $olddn is null.


I did not test the case $olddn != null,  but reviewing the code it 
behaves very different:

* It calls $this->_ldap->move($olddn, $newdn) if ($oldID != $newID), but
   - does no check if $newdn is actually a DN
   - does not ensure that $oldID refers to the same user as $olddn
   - does not ensure that $newID refers to the same user as $newdn

* it uses complete $credentials for the new $entry but does not check 
if only credentials are in it

* it does not hash the password

* it does not check shadowmin

* it does not set shadowlastchange

Try this instead?

Changes have been made in Git (master):

commit 9dc2c5b411e75d780e8b12d00526f163a5156adc
Author: Jan Schneider <jan@horde.org>
Date:   Fri Nov 30 19:10:29 2012 +0100

     [jan] Fix updating users in LDAP driver (Bug #11791).

  framework/Auth/lib/Horde/Auth/Ldap.php |    4 ++--
  framework/Auth/package.xml             |    4 ++--
  2 files changed, 4 insertions(+), 4 deletions(-)

http://git.horde.org/horde-git/-/commit/9dc2c5b411e75d780e8b12d00526f163a5156adc

Horde_Ldap::modify($entry, $parms) require $params to be an 
array('action' => array('attribute1' => array('val1'))). 
Horde_Auth_Ldap::updateUser() calls Horde_Ldap::modify() with its own 
$entry as 2nd argument. This $entry is an array('attribute1' => 'val1').

In consequence no action is forwarded to Horde_Ldap::modify() an no 
modification is done at all.Despite that a successfull change is 
returned to the user.