I'm trying to reset the password expiry for a user (really set up a semi-automatic process for doing so) and it's making me cry:

server is openldap slapd: 2.4.28-1.1ubuntu4.2

$ ldapsearch -x -b dc=internal,dc=brazzers,dc=com uid=jenna sambaPwdLastSet sambaPwdMustChange
# jenna, People, internal.brazzers.com
dn: uid=jenna,ou=People,dc=internal,dc=brazzers,dc=com
sambaPwdLastSet: 1395420463
sambaPwdMustChange: 1398098896

Testing the output:

$ cat <<EOF
dn: uid=jenna,ou=People,dc=internal,dc=brazzers,dc=com
changetype: modify
replace: sambaPwdLastSet 
sambaPwdLastSet: $(date -u +%s)
replace: sambaPwdMustChange
sambaPwdMustChange: $(date -u -d "+1 month" +%s)


Results in:

dn: uid=jenna,ou=People,dc=internal,dc=brazzers,dc=com
changetype: modify
replace: sambaPwdLastSet 
sambaPwdLastSet: 1395421165
replace: sambaPwdMustChange
sambaPwdMustChange: 1398099565

OK, let's do this:

$ cat <<EOF | ldapmodify -D cn=admin,dc=internal,dc=brazzers,dc=com -W
dn: uid=jenna,ou=People,dc=internal,dc=brazzers,dc=com
changetype: modify
replace: sambaPwdLastSet 
sambaPwdLastSet: $(date -u +%s)
replace: sambaPwdMustChange
sambaPwdMustChange: $(date -u -d "+1 month" +%s)

Enter LDAP Password: 
ldapmodify: wrong attributeType at line 4, entry "uid=jenna,ou=People,dc=internal,dc=brazzers,dc=com"

What? How could it be wrong?

  • 38,725
  • 10
  • 102
  • 186

1 Answers1


ARGH! Another attack of the trailing spaces!

I had a trailing space on replace: sambaPwdLastSet just like:

"wrong attributetype" when using ldapadd

  • 38,725
  • 10
  • 102
  • 186