Micro Focus Contributor

PwdChangedTime attribute not being updated

Hi,

I am trying to troubleshoot a problem with the PwdChangedTime attribute not being updated after a password change.

It looks like it's completely ignored, but this only happens on one of five servers.

The eDirectory replica is of 5 servers.

SLES 12 SP3
eDirectory 9.1

Server 1 : works
Server 2 : works
Server 3 : does not work
Server 4 : works
Server 5 : works

What can be the cause?

How can I solve this problem?

TIA
Anonymous_User Absent Member.

Re: PwdChangedTime attribute not being updated

Hello,

please have a look whether Server 3 has a "read-only" replica of
eDirectory (instead of read/write or Master). This can be seen when
using ndsrepair -P, selecting the partition and viewing the replica ring.
Or check with the help of TID 3479868 (using iMonitor with advanced mode
enabled) whether certain attribute updates were disabled on server 3.

Regards

Burkhard Wiegand
OES Admin
Knowledge Partner

Re: PwdChangedTime attribute not being updated

Another way to do this is with a script I created which uses LDAP, so you
can run it from any Linux box and query any eDirectory box to find out
about partitions and replicas:
https://www.netiq.com/communities/cool-solutions/cool_tools/edirectory-partitions-replicas-viewer/


--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
Knowledge Partner

Re: PwdChangedTime attribute not being updated

wiegandb;2495908 wrote:
Hello,

please have a look whether Server 3 has a "read-only" replica of
eDirectory (instead of read/write or Master). This can be seen when
using ndsrepair -P, selecting the partition and viewing the replica ring.
Or check with the help of TID 3479868 (using iMonitor with advanced mode
enabled) whether certain attribute updates were disabled on server 3.

Regards

Burkhard Wiegand
OES Admin


A read-only replica will not stop attribute values stored in that replica from changing. It only stops that particular replica from initiating the change. Attempted changes will be referred to a writable replica, and will then synchronize (back) to the read-only.

I have yet to find an actual use case where a read-only replica makes sense.
Knowledge Partner

Re: PwdChangedTime attribute not being updated

esilva;2495805 wrote:
Hi,

I am trying to troubleshoot a problem with the PwdChangedTime attribute not being updated after a password change.

It looks like it's completely ignored, but this only happens on one of five servers.

The eDirectory replica is of 5 servers.

SLES 12 SP3
eDirectory 9.1

Server 1 : works
Server 2 : works
Server 3 : does not work
Server 4 : works
Server 5 : works

What can be the cause?

How can I solve this problem?

TIA


How, exactly, are you testing this?
Micro Focus Contributor

Re: PwdChangedTime attribute not being updated

Hi,

For testing, we execute ldapmodify (userPassword attribute) on server #3 and pwdChangedTime is not updated. On the other servers it works.

What is the possible cause?

The user container is ou=users,o=data and 1 master replica exists. The other servers have an R/W partition.

TIA
Knowledge Partner

Re: PwdChangedTime attribute not being updated

Is it safe to assume that the password changes successfully throughout the
tree in either server's case?

What versions of eDirectory do you have on these two boxes? The same
exactly, or closely, or not at all? Which OS?

Are you waiting a second or a few for replication to complete in either
case? This really should not matter much, especially if you are checking
the same box where you made the password change.

Have you compared LDAP attribute mappings among boxes to be sure they are
consistent, especially with regard to userPassword (probably not mapped at
all anywhere)?


--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
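
Added example, not part of any post in this thread: a way to make the test described above repeatable, by changing the password through each server in turn, reading pwdChangedTime back from that same server, and flagging any server whose value predates the change. The test user DN, timestamps and per-server LDIF below are constructed; real input would be the LDIF text of a base-scope search for pwdChangedTime on the user object.

```python
from datetime import datetime, timedelta, timezone

USER_DN = "cn=testuser,ou=users,o=data"  # hypothetical test user

# Constructed sample: LDIF read back from each server after the password
# was changed through that server. Only server3 still shows an old value.
SAMPLE = {
    f"server{n}": f"dn: {USER_DN}\npwdChangedTime: {stamp}\n"
    for n, stamp in [(1, "20190312101502Z"), (2, "20190312101502Z"),
                     (3, "20190115083000Z"), (4, "20190312101502Z"),
                     (5, "20190312101502Z")]
}
# Constructed time at which the test password change was issued (UTC).
CHANGED_AT = datetime(2019, 3, 12, 10, 15, 0, tzinfo=timezone.utc)


def parse_pwd_changed_time(ldif):
    """Return pwdChangedTime from LDIF text as an aware datetime, or None."""
    for line in ldif.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "pwdchangedtime":
            value = value.strip()
            # Accept generalized time in UTC: YYYYMMDDHHMMSS[.f]Z
            if value.endswith("Z") and value[:14].isdigit():
                parsed = datetime.strptime(value[:14], "%Y%m%d%H%M%S")
                return parsed.replace(tzinfo=timezone.utc)
    return None


def check_servers(ldif_by_server, changed_at, skew=timedelta(seconds=5)):
    """Classify each server as 'updated', 'stale' or 'missing'."""
    status = {}
    for server, ldif in ldif_by_server.items():
        stamp = parse_pwd_changed_time(ldif)
        if stamp is None:
            status[server] = "missing"   # attribute not returned at all
        elif stamp < changed_at - skew:
            status[server] = "stale"     # value predates the password change
        else:
            status[server] = "updated"
    return status


if __name__ == "__main__":
    for server, state in sorted(check_servers(SAMPLE, CHANGED_AT).items()):
        print(server, state)
```

A "stale" result means the password aging data on that server does not reflect the change; "missing" means the attribute was not returned at all, which is a different finding from a value that failed to update.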