From Bugzilla Helper: User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6) Gecko/20040113 Description of problem: The shadowlastchange attribute is not being updated properly, causing my users to never be able to update their password successfully when the shadowlastchange attribute is set to zero. http://bugzilla.padl.com/show_bug.cgi?id=126 This is fixed in pam_ldap 166. The one in this version of nss_ldap is based on version 145. Version-Release number of selected component (if applicable): nss_ldap-189-4 How reproducible: Always Steps to Reproduce: Setup a master and slave openldap server with stock RH 21. Change your password with the ldap.conf on your client pointing to the slave. Your password will update, but shadowlastchange won't. Additional info:
Nalin, you seem to have fixed it with nss_ldap-189-12. The results below are what happened when I tried it in the lab by updating my password on a server that points directly to a slave LDAP instance rather than the master. [root@elladm02 brianb]# ldapsearch -x -h example.com -p 3389 -W '(uid=brianb)' -D "cn=admin,dc=example,dc=com" Enter LDAP Password: [irrelevant info snipped] shadowLastChange: 12669 [root@elladm02 brianb]# passwd brianb Changing password for user brianb. Enter login(LDAP) password: New password: Retype new password: LDAP password information changed for brianb passwd: all authentication tokens updated successfully. [root@elladm02 brianb]# ldapsearch -x -h example.com -p 3389 -W '(uid=brianb)' -D "cn=admin,dc=example,dc=com" Enter LDAP Password: [irrelevant info snipped] shadowLastChange: 12706 As you can see, it updated just fine.
An errata has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2004-533.html