[#5056] shadowLastChange LDAP attribute are not updated
Summary shadowLastChange LDAP attribute are not updated
Queue Passwd
Queue Version 3.0.1-RC1
Type Bug
State Resolved
Priority 2. Medium
Owners Jan Schneider <jan (at) horde (dot) org>
Requester david (at) tmv (dot) gov (dot) tw
Created 03/02/2007 (436 days ago)
Due
Updated 01/09/2008 (123 days ago)
Assigned 03/29/2007 (409 days ago)
Resolved 01/09/2008 (123 days ago)
Attachments backends.patch.txt Download
Milestone
Patch

History
01/09/2008 Jan Schneider Comment #9
State ⇒ Resolved
Assigned to Jan Schneider		 Reply to this comment
Committed, but commented out by default.
01/09/2008 david (at) tmv (dot) gov (dot) tw Comment #8
New Attachment: backends.patch.txt Download		 Reply to this comment
This patch should fix the problem.

David
05/03/2007 david (at) tmv (dot) gov (dot) tw Comment #7 Reply to this comment
> Uh, I should have noticed on the first glance. Of course it doesn't
> check or set the shadowLastChange and shadowMin attributes if you
> don't set the appropriate parameters in the backend configuration.
I don't see any detail scription about that  in backend.conf.dist ,can you give me a hint ?
04/18/2007 Jan Schneider Comment #6
State ⇒ Not A Bug		 Reply to this comment
Uh, I should have noticed on the first glance. Of course it doesn't check or set the shadowLastChange and shadowMin attributes if you don't set the appropriate parameters in the backend configuration.
04/13/2007 david (at) tmv (dot) gov (dot) tw Comment #5 Reply to this comment
I add var_dump($this->_params); to line 247 and got the return message:

array(14) { ["host"]=> string(13) "localhost" ["sslhost"]=> string(0) "" ["port"]=> int(389) ["encryption"]=> string(4) "ssha" ["show_encryption"]=> string(4) "true" ["uid"]=> string(3) "uid" ["basedn"]=> string(24) "dc=my,dc=gov" ["admindn"]=> NULL ["adminpw"]=> NULL ["realm"]=> string(0) "" ["tls"]=> bool(false) ["attribute"]=> string(12) "userPassword" ["shadowlastchange"]=> NULL ["shadowmin"]=> NULL }

As you can see both shadowlastchange & shadowmin return NULL, and break this function. 
04/07/2007 Jan Schneider Comment #4 Reply to this comment
I have no idea how this could happen then. You have to track this further down in the code.
03/29/2007 david (at) tmv (dot) gov (dot) tw Comment #3 Reply to this comment
> Any chance this only happens to accounts that don't have changed the
> password yet, i.e. don't have the attribute specified by
> 'shadowlastchange' set?
All the entries in ou=people with 'shadowlastchange' ,and passwd module is the only one way provied to users to change their password.

P.S Wish i didn't misunderstand your comment.
03/29/2007 Jan Schneider Comment #2
State ⇒ Feedback		 Reply to this comment
Any chance this only happens to accounts that don't have changed the password yet, i.e. don't have the attribute specified by 'shadowlastchange' set?
03/02/2007 david (at) tmv (dot) gov (dot) tw Comment #1
Type ⇒ Bug
State ⇒ Unconfirmed
Priority ⇒ 2. Medium
Summary ⇒ shadowLastChange LDAP attribute are not updated
Queue ⇒ Passwd		 Reply to this comment
The shadowLastChange didn't wrote after passwd was changed successfully.And then i still can change my ldap'passwd in the same day again even shadowMin was set to 7.

Here are my ldap's attributes about shadow:
===================================
shadowLastChange: 13473
shadowFlag: 134544124
shadowInactive: -1
shadowMin: 7
shadowMax: -1
shadowWarning: 7

And here are my backend.conf :
$backends['ldap'] = array(
    'name' => 'LDAP server',
    'preferred' => 'localhost',
    'password policy' => array(
        'minLength' => 6
        //'maxLength' => 8
    ),
    'driver' => 'ldap',
    'params' => array(
        'host' => 'localhost',
        'port' => 389,
        'basedn' => 'dc=example,dc=com',
        'uid' => 'uid',
        // this will be appended to the username when looking for the userdn.
        'realm' => '',
        'encryption' => 'ssha',
        // make sure the host == cn in the server certificate
        'tls' => false
    )
);