Sat, 05 Jul 2008 00:49:58 -0400 http://bugs.horde.org/ticket/5056 shadowLastChange LDAP attribute are not updated The shadowLastChange didn't wrote after passwd was changed successfully.And then i still can change my ldap'passwd in the same day again even shadowMin was set to 7. Here are my ldap's attributes about shadow: =================================== shadowLastChange: 13473 shadowFlag: 134544124 shadowInactive: -1 shadowMin: 7 shadowMax: -1 shadowWarning: 7 And here are my backend.conf : $backends['ldap'] = array( 'name' => 'LDAP server', 'preferred' => 'localhost', 'password policy' => array( 'minLength' => 6 //'maxLength' => 8 ), 'driver' => 'ldap', 'params' => array( 'host' => 'localhost', 'port' => 389, 'basedn' => 'dc=example,dc=com', 'uid' => 'uid', // this will be appended to the username when looking for the userdn. 'realm' => '', 'encryption' => 'ssha', // make sure the host == cn in the server certificate 'tls' => false ) ); Fri, 02 Mar 2007 20:41:38 -0500 http://bugs.horde.org/ticket/5056#t29984 Any chance this only happens to accounts that don't have changed the password yet, i.e. don't have the attribute specified by 'shadowlastchange' set? Thu, 29 Mar 2007 13:25:07 -0400 http://bugs.horde.org/ticket/5056#t30812 > Any chance this only happens to accounts that don't have changed the > password yet, i.e. don't have the attribute specified by > 'shadowlastchange' set? All the entries in ou=people with 'shadowlastchange' ,and passwd module is the only one way provied to users to change their password. P.S Wish i didn't misunderstand your comment. Thu, 29 Mar 2007 20:34:16 -0400 http://bugs.horde.org/ticket/5056#t30896 I have no idea how this could happen then. You have to track this further down in the code. Sat, 07 Apr 2007 09:15:02 -0400 http://bugs.horde.org/ticket/5056#t31188 I add var_dump($this->_params); to line 247 and got the return message: array(14) { ["host"]=> string(13) "localhost" ["sslhost"]=> string(0) "" ["port"]=> int(389) ["encryption"]=> string(4) "ssha" ["show_encryption"]=> string(4) "true" ["uid"]=> string(3) "uid" ["basedn"]=> string(24) "dc=my,dc=gov" ["admindn"]=> NULL ["adminpw"]=> NULL ["realm"]=> string(0) "" ["tls"]=> bool(false) ["attribute"]=> string(12) "userPassword" ["shadowlastchange"]=> NULL ["shadowmin"]=> NULL } As you can see both shadowlastchange & shadowmin return NULL, and break this function. Fri, 13 Apr 2007 03:39:20 -0400 http://bugs.horde.org/ticket/5056#t31525 Uh, I should have noticed on the first glance. Of course it doesn't check or set the shadowLastChange and shadowMin attributes if you don't set the appropriate parameters in the backend configuration. Wed, 18 Apr 2007 18:22:54 -0400 http://bugs.horde.org/ticket/5056#t31865 > Uh, I should have noticed on the first glance. Of course it doesn't > check or set the shadowLastChange and shadowMin attributes if you > don't set the appropriate parameters in the backend configuration. I don't see any detail scription about that in backend.conf.dist ,can you give me a hint ? Thu, 03 May 2007 20:49:59 -0400 http://bugs.horde.org/ticket/5056#t32583 This patch should fix the problem. David Wed, 09 Jan 2008 02:47:24 -0500 http://bugs.horde.org/ticket/5056#t40940 Committed, but commented out by default. Wed, 09 Jan 2008 03:21:40 -0500 http://bugs.horde.org/ticket/5056#t40943