Tickets :: [#5056] shadowLastChange LDAP attribute are not updated

Summary	shadowLastChange LDAP attribute are not updated
Queue	Passwd
Queue Version	3.0.1-RC1
Type	Bug
State	Resolved
Priority	2. Medium
Owners	Jan Schneider <jan (at) horde (dot) org>
Requester	david (at) tmv (dot) gov (dot) tw
Created	03/02/07 (1112 days ago)
Due
Updated	01/09/08 (799 days ago)
Assigned	03/29/07 (1085 days ago)
Resolved	01/09/08 (799 days ago)
Attachments	backends.patch.txt
Milestone
Patch	No

01/09/08	Jan Schneider	Comment #9 Assigned to Jan Schneider State ⇒ Resolved	Reply to this comment
Committed, but commented out by default.

01/09/08	david (at) tmv (dot) gov (dot) tw	Comment #8 New Attachment: backends.patch.txt	Reply to this comment
This patch should fix the problem. David

05/03/07	david (at) tmv (dot) gov (dot) tw	Comment #7	Reply to this comment
Uh, I should have noticed on the first glance. Of course it doesn't check or set the shadowLastChange and shadowMin attributes if you don't set the appropriate parameters in the backend configuration. I don't see any detail scription about that in backend.conf.dist ,can you give me a hint ?

04/18/07	Jan Schneider	Comment #6 State ⇒ Not A Bug	Reply to this comment
Uh, I should have noticed on the first glance. Of course it doesn't check or set the shadowLastChange and shadowMin attributes if you don't set the appropriate parameters in the backend configuration.

04/13/07	david (at) tmv (dot) gov (dot) tw	Comment #5	Reply to this comment
I add var_dump($this->_params); to line 247 and got the return message: array(14) { ["host"]=> string(13) "localhost" ["sslhost"]=> string(0) "" ["port"]=> int(389) ["encryption"]=> string(4) "ssha" ["show_encryption"]=> string(4) "true" ["uid"]=> string(3) "uid" ["basedn"]=> string(24) "dc=my,dc=gov" ["admindn"]=> NULL ["adminpw"]=> NULL ["realm"]=> string(0) "" ["tls"]=> bool(false) ["attribute"]=> string(12) "userPassword" ["shadowlastchange"]=> NULL ["shadowmin"]=> NULL } As you can see both shadowlastchange & shadowmin return NULL, and break this function.

04/07/07	Jan Schneider	Comment #4	Reply to this comment
I have no idea how this could happen then. You have to track this further down in the code.

03/29/07	david (at) tmv (dot) gov (dot) tw	Comment #3	Reply to this comment
Any chance this only happens to accounts that don't have changed the password yet, i.e. don't have the attribute specified by 'shadowlastchange' set? All the entries in ou=people with 'shadowlastchange' ,and passwd module is the only one way provied to users to change their password. P.S Wish i didn't misunderstand your comment.

03/29/07	Jan Schneider	Comment #2 State ⇒ Feedback	Reply to this comment
Any chance this only happens to accounts that don't have changed the password yet, i.e. don't have the attribute specified by 'shadowlastchange' set?

03/02/07	david (at) tmv (dot) gov (dot) tw	Comment #1 State ⇒ Unconfirmed Queue ⇒ Passwd Summary ⇒ shadowLastChange LDAP attribute are not updated Type ⇒ Bug Priority ⇒ 2. Medium	Reply to this comment
The shadowLastChange didn't wrote after passwd was changed successfully.And then i still can change my ldap'passwd in the same day again even shadowMin was set to 7. Here are my ldap's attributes about shadow: =================================== shadowLastChange: 13473 shadowFlag: 134544124 shadowInactive: -1 shadowMin: 7 shadowMax: -1 shadowWarning: 7 And here are my backend.conf : $backends['ldap'] = array( 'name' => 'LDAP server', 'preferred' => 'localhost', 'password policy' => array( 'minLength' => 6 //'maxLength' => 8 ), 'driver' => 'ldap', 'params' => array( 'host' => 'localhost', 'port' => 389, 'basedn' => 'dc=example,dc=com', 'uid' => 'uid', // this will be appended to the username when looking for the userdn. 'realm' => '', 'encryption' => 'ssha', // make sure the host == cn in the server certificate 'tls' => false ) );