as the timestamp used for ldap is not the unixtimestamp, we just use time for updating the session cache on auth_alpwchange_val

phpgwapi/inc/class.auth.inc.php

@@ -164,8 +164,8 @@ class auth
 				elseif ($passwordAgeBorder > $alpwchange_val && $alpwchange_val > 0)
 				{
 					error_log(__METHOD__.' Password of '.$GLOBALS['egw_info']['user']['account_lid'].' ('.$GLOBALS['egw_info']['user']['account_fullname'].') is of old age.'.array2string(array(
-						'ts'=>$GLOBALS['egw_info']['user']['account_lastpwd_change'],
-						'date'=>egw_time::to($GLOBALS['egw_info']['user']['account_lastpwd_change']))));
+						'ts'=> $alpwchange_val,
+						'date'=>egw_time::to($alpwchange_val))));
 					$message = lang('it has been more then %1 days since you changed your password',$GLOBALS['egw_info']['server']['change_pwd_every_x_days']);
 				}
 				if ($GLOBALS['egw_info']['user']['apps']['password']) egw::redirect_link('/preferences/password.php',array('message'=>$message));

phpgwapi/inc/class.auth_ldap.inc.php

@@ -245,7 +245,8 @@ class auth_ldap implements auth_backend
 		{
 			return false;
 		}
-		if (!$admin) egw_cache::setSession('phpgwapi','auth_alpwchange_val',$entry['shadowlastchange']);
+		// using time() is sufficient to represent the current time, we do not need the timestamp written to the storage
+		if (!$admin) egw_cache::setSession('phpgwapi','auth_alpwchange_val',(is_null($lastpwdchange) || $lastpwdchange<0 ? time():$lastpwdchange));
 		return true;
 	}
 
@@ -300,7 +301,8 @@ class auth_ldap implements auth_backend
 		if($old_passwd)	// if old password given (not called by admin) update the password in the session
 		{
 			$GLOBALS['egw']->session->appsession('password','phpgwapi',$new_passwd);
-			egw_cache::setSession('phpgwapi','auth_alpwchange_val',$entry['shadowlastchange']);
+			// using time() is sufficient to represent the current time, we do not need the timestamp written to the storage
+			egw_cache::setSession('phpgwapi','auth_alpwchange_val',time());
 		}
 		return $entry['userpassword'];
 	}