>From an old post I found I could enable self-write access to the >shadowLastChange attribute by going into the directory, selecting root domain, >select set access permissions, select enable self write for common attributes, >and edit "self" manually. Add shadowLastChange and userPassword in the list >and saved. Worked great. This was a account imported from an older openldap >server. Is this the correct fix for this or have I misconfigured something >and should fix it correctly.
Thanks From: 389-users-boun...@lists.fedoraproject.org [mailto:389-users-boun...@lists.fedoraproject.org] On Behalf Of David Hoskinson Sent: Thursday, September 29, 2011 7:33 AM To: General discussion list for the 389 Directory server project. Subject: [389-users] Password expiration policy problem I have configured our directory server to have a global password policy in the directory server, under Data-> Passwords. The policy we have elected to use the password expires in 45 days. For the last 15 days it has been warning me to change it. I have on several occasions changed it by typing password in a terminal window and changing it. This has been successful and new password is active. However the next time I login the count down has not been reset. I was wondering what would happen when it got to 0 so I let that happen today. As expected it prompted me to change my password and reset it. However when I log back in I am still at 0 and hence cannot login to the machine. I looked at the passwordexpirationtime on my account and it reads 20111113112125Z as I believe it should since it was reset today. Still can't login, and account says I am at 0 days... Thanks for any help... David Hoskinson | DATATRAK International Systems Engineer Mayfield Heights, Ohio, USA +1.440.443.0082 x 124 (p) | +1.216.280.5457 (m) david.hoskin...@datatrak.net<mailto:david.hoskin...@datatrak.net> | www.datatrak.net<http://www.datatrak.net/>
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
