# Added patch to log when updating shadowlastchange fails, Closes: #165994
#
--- libpam-ldap-184.orig/pam_ldap.c
+++ libpam-ldap-184/pam_ldap.c
@@ -3762,6 +3762,8 @@
     }
   else
     {
+      int errcode;
+
       /* update shadowLastChange; may fail if not shadowAccount */
       snprintf (buf, sizeof buf, "%ld", time (NULL) / (60 * 60 * 24));
       strvals[0] = buf;
@@ -3805,8 +3805,14 @@
       mods[0] = &mod;
       mods[1] = NULL;
 
-      /* do this silently because it may fail */
-      (void) ldap_modify_s (session->ld, session->info->userdn, mods);
+      /* Only log errors because it may fail */
+      errcode = ldap_modify_s (session->ld, session->info->userdn, mods);
+      if (errcode != LDAP_SUCCESS)
+      {
+	syslog (LOG_WARNING,
+			"pam_ldap: Unable to update shadowLastChange attribute: %s",
+			ldap_err2string (rc));
+      }
 
       snprintf (errmsg, sizeof errmsg,
 		"LDAP password information changed for %s", username);
