Tickets :: [#5056] shadowLastChange LDAP attribute are not updated

6.0.0-beta1

7/20/25

Summary	shadowLastChange LDAP attribute are not updated
Queue	Passwd
Queue Version	3.0.1-RC1
Type	Bug
State	Resolved
Priority	2. Medium
Owners	jan (at) horde (dot) org
Requester	david (at) tmv (dot) gov (dot) tw
Created	03/03/2007 (6714 days ago)
Due
Updated	01/09/2008 (6402 days ago)
Assigned	03/29/2007 (6688 days ago)
Resolved	01/09/2008 (6402 days ago)
Github Issue Link
Github Pull Request
Milestone
Patch	No

01/09/2008 08:21:40 AM	Jan Schneider	Comment #9 Assigned to Jan Schneider State ⇒ Resolved	Reply to this comment
Committed, but commented out by default.

01/09/2008 07:47:24 AM	david (at) tmv (dot) gov (dot) tw	Comment #8 New Attachment: backends.patch.txt	Reply to this comment
This patch should fix the problem. David

05/04/2007 12:49:59 AM	david (at) tmv (dot) gov (dot) tw	Comment #7	Reply to this comment
Uh, I should have noticed on the first glance. Of course it doesn't check or set the shadowLastChange and shadowMin attributes if you don't set the appropriate parameters in the backend configuration. I don't see any detail scription about that in backend.conf.dist ,can you give me a hint ?

04/18/2007 10:22:54 PM	Jan Schneider	Comment #6 State ⇒ Not A Bug	Reply to this comment
Uh, I should have noticed on the first glance. Of course it doesn't check or set the shadowLastChange and shadowMin attributes if you don't set the appropriate parameters in the backend configuration.

04/13/2007 07:39:20 AM	david (at) tmv (dot) gov (dot) tw	Comment #5	Reply to this comment
I add var_dump($this->_params); to line 247 and got the return message: array(14) { ["host"]=> string(13) "localhost" ["sslhost"]=> string(0) "" ["port"]=> int(389) ["encryption"]=> string(4) "ssha" ["show_encryption"]=> string(4) "true" ["uid"]=> string(3) "uid" ["basedn"]=> string(24) "dc=my,dc=gov" ["admindn"]=> NULL ["adminpw"]=> NULL ["realm"]=> string(0) "" ["tls"]=> bool(false) ["attribute"]=> string(12) "userPassword" ["shadowlastchange"]=> NULL ["shadowmin"]=> NULL } As you can see both shadowlastchange & shadowmin return NULL, and break this function.

04/07/2007 01:15:02 PM	Jan Schneider	Comment #4	Reply to this comment
I have no idea how this could happen then. You have to track this further down in the code.

03/30/2007 12:34:16 AM	david (at) tmv (dot) gov (dot) tw	Comment #3	Reply to this comment
Any chance this only happens to accounts that don't have changed the password yet, i.e. don't have the attribute specified by 'shadowlastchange' set? All the entries in ou=people with 'shadowlastchange' ,and passwd module is the only one way provied to users to change their password. P.S Wish i didn't misunderstand your comment.

03/29/2007 05:25:07 PM	Jan Schneider	Comment #2 State ⇒ Feedback	Reply to this comment
Any chance this only happens to accounts that don't have changed the password yet, i.e. don't have the attribute specified by 'shadowlastchange' set?

03/03/2007 01:41:38 AM	david (at) tmv (dot) gov (dot) tw	Comment #1 Priority ⇒ 2. Medium State ⇒ Unconfirmed Queue ⇒ Passwd Summary ⇒ shadowLastChange LDAP attribute are not updated Type ⇒ Bug	Reply to this comment
The shadowLastChange didn't wrote after passwd was changed successfully.And then i still can change my ldap'passwd in the same day again even shadowMin was set to 7. Here are my ldap's attributes about shadow: =================================== shadowLastChange: 13473 shadowFlag: 134544124 shadowInactive: -1 shadowMin: 7 shadowMax: -1 shadowWarning: 7 And here are my backend.conf : $backends['ldap'] = array( 'name' => 'LDAP server', 'preferred' => 'localhost', 'password policy' => array( 'minLength' => 6 //'maxLength' => 8 ), 'driver' => 'ldap', 'params' => array( 'host' => 'localhost', 'port' => 389, 'basedn' => 'dc=example,dc=com', 'uid' => 'uid', // this will be appended to the username when looking for the userdn. 'realm' => '', 'encryption' => 'ssha', // make sure the host == cn in the server certificate 'tls' => false ) );