| Summary | shadowLastChange LDAP attribute are not updated |
| Queue | Passwd |
| Queue Version | 3.0.1-RC1 |
| Type | Bug |
| State | Resolved |
| Priority | 2. Medium |
| Owners | Jan Schneider <jan (at) horde (dot) org> |
| Requester | david (at) tmv (dot) gov (dot) tw |
| Created | 03/02/2007 (436 days ago) |
| Due | |
| Updated | 01/09/2008 (123 days ago) |
| Assigned | 03/29/2007 (409 days ago) |
| Resolved | 01/09/2008 (123 days ago) |
| Attachments | backends.patch.txt ![]() |
| Milestone | |
| Patch |
State ⇒ Resolved
Assigned to Jan Schneider
Committed, but commented out by default.New Attachment: backends.patch.txt
This patch should fix the problem.
David
> Uh, I should have noticed on the first glance. Of course it doesn't
> check or set the shadowLastChange and shadowMin attributes if you
> don't set the appropriate parameters in the backend configuration.
I don't see any detail scription about that in backend.conf.dist ,can you give me a hint ?
State ⇒ Not A Bug
Uh, I should have noticed on the first glance. Of course it doesn't check or set the shadowLastChange and shadowMin attributes if you don't set the appropriate parameters in the backend configuration.I add var_dump($this->_params); to line 247 and got the return message:
array(14) { ["host"]=> string(13) "localhost" ["sslhost"]=> string(0) "" ["port"]=> int(389) ["encryption"]=> string(4) "ssha" ["show_encryption"]=> string(4) "true" ["uid"]=> string(3) "uid" ["basedn"]=> string(24) "dc=my,dc=gov" ["admindn"]=> NULL ["adminpw"]=> NULL ["realm"]=> string(0) "" ["tls"]=> bool(false) ["attribute"]=> string(12) "userPassword" ["shadowlastchange"]=> NULL ["shadowmin"]=> NULL }
As you can see both shadowlastchange & shadowmin return NULL, and break this function.
I have no idea how this could happen then. You have to track this further down in the code.> Any chance this only happens to accounts that don't have changed the
> password yet, i.e. don't have the attribute specified by
> 'shadowlastchange' set?
All the entries in ou=people with 'shadowlastchange' ,and passwd module is the only one way provied to users to change their password.
P.S Wish i didn't misunderstand your comment.
State ⇒ Feedback
Any chance this only happens to accounts that don't have changed the password yet, i.e. don't have the attribute specified by 'shadowlastchange' set?Type ⇒ Bug
State ⇒ Unconfirmed
Priority ⇒ 2. Medium
Summary ⇒ shadowLastChange LDAP attribute are not updated
Queue ⇒ Passwd
The shadowLastChange didn't wrote after passwd was changed successfully.And then i still can change my ldap'passwd in the same day again even shadowMin was set to 7.
Here are my ldap's attributes about shadow:
===================================
shadowLastChange: 13473
shadowFlag: 134544124
shadowInactive: -1
shadowMin: 7
shadowMax: -1
shadowWarning: 7
And here are my backend.conf :
$backends['ldap'] = array(
'name' => 'LDAP server',
'preferred' => 'localhost',
'password policy' => array(
'minLength' => 6
//'maxLength' => 8
),
'driver' => 'ldap',
'params' => array(
'host' => 'localhost',
'port' => 389,
'basedn' => 'dc=example,dc=com',
'uid' => 'uid',
// this will be appended to the username when looking for the userdn.
'realm' => '',
'encryption' => 'ssha',
// make sure the host == cn in the server certificate
'tls' => false
)
);