Package: slapd
Version: 2.2.23-8
Severity: minor

In order for password aging to work with LDAP, a user has to be able to
both read and change the "shadowLastChange" field in their user object.
I suggest the following be included in the default slapd.conf file,
possibly commented-out by default.

    access to attrs=shadowLastChange
            by dn="cn=admin,dc=example,dc=com" write
            by self write
            by * read

It seems it should be possible to just add this field to the attrs list
(after "userPassword") that limits access to reading the password, but
it doesn't work there for some reason I don't understand.
Brian
-------------------------------------------------------------------------------
We've all had "bad experiences", but there is no such thing as bad
experience.
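
An added illustration, not part of the original report: a simplified Python model of slapd's first-match access evaluation, showing that the proposed shadowLastChange rule only takes effect when it is placed before a catch-all "access to *" rule. The userPassword and catch-all rules, the uid=alice and uid=bob entries, and all function names are constructed for the example.

```python
# Simplified model of slapd's first-match ACL evaluation (not slapd code).
LEVELS = ["none", "auth", "read", "write"]  # subset of slapd's levels, ascending
ADMIN = "cn=admin,dc=example,dc=com"

# The rule proposed in the report.
SHADOW = ({"shadowLastChange"}, [(ADMIN, "write"), ("self", "write"), ("*", "read")])
# Constructed for illustration; the report does not show these two rules.
PASSWORD = ({"userPassword"},
            [(ADMIN, "write"), ("anonymous", "auth"), ("self", "write"), ("*", "none")])
CATCH_ALL = (None, [(ADMIN, "write"), ("*", "read")])  # None = "access to *"

def who_matches(who, requester, target):
    """requester is the bound DN, or None for an anonymous bind."""
    if who == "*":
        return True
    if who == "anonymous":
        return requester is None
    if who == "self":
        return requester is not None and requester == target
    return requester == who  # exact DN match only

def granted(acl, requester, target, attr):
    """Level given by the first rule whose <what> covers attr."""
    for attrs, by_clauses in acl:
        if attrs is not None and attr not in attrs:
            continue
        for who, level in by_clauses:
            if who_matches(who, requester, target):
                return level
        return "none"  # every rule ends with an implicit "by * none"
    return "none"      # no rule matched at all

def allowed(acl, requester, target, attr, wanted):
    return LEVELS.index(granted(acl, requester, target, attr)) >= LEVELS.index(wanted)

ALICE = "uid=alice,ou=people,dc=example,dc=com"  # constructed entries
BOB = "uid=bob,ou=people,dc=example,dc=com"

BEFORE_CATCH_ALL = [PASSWORD, SHADOW, CATCH_ALL]  # specific rule first
AFTER_CATCH_ALL = [PASSWORD, CATCH_ALL, SHADOW]   # shadowed by "access to *"

if __name__ == "__main__":
    for name, acl in (("before", BEFORE_CATCH_ALL), ("after", AFTER_CATCH_ALL)):
        print(name, "self:", granted(acl, ALICE, ALICE, "shadowLastChange"),
              "other:", granted(acl, BOB, ALICE, "shadowLastChange"))
```
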