5fe91dc ldap: only update shadowLastChange when password change is successful

1 file Authored by Jim Collins 10 years ago, Committed by sgallagh 10 years ago,
    ldap: only update shadowLastChange when password change is successful
    
    https://fedorahosted.org/sssd/ticket/1999
    
    ldap_auth.c code which was added to SSSD for updating the
    shadowLastChange when "ldap_chpass_update_last_change" option is
    enabled updates shadowLastChange even when the PAM password change
    status reports failure.
    
    We should only update shadowLastChange on PAM password change success or
    we open up a work around for users to avoid changing their passwords
    periodically as required by policy. The user simply attempts to change
    password, fails by trying to set new password which invalid (denied due
    to password history check) yet shadowLastChange is updated, avoiding
    their need to actually change the password they are using.